The TCC area (Transparency, Consent and Control) is always a problem child for Apple: MacOS should actually use the technology to protect against data outflows to apps that the user does not want. But bugs in this approval and inspection framework keep coming up- often through the back door. One example is a current bug that security researcher found at Microsoft. The gap called Spoitlight Use Apple’s in-house Spotlight search function including errors in Apple Intelligence to use sensitive data, including location, meta-stinfos and even facial recognition information. Fortunately, Apple has already fixed the bug with MacOS 15.4 at the end of March.
No trust in TCC
TCC should actually ensure that personal information cannot be accessed without user approval. Apple uses a wide sandboxing – so wide that the many inquiries even annoy many users. As part of SPLOITLIGHT, Microsoft now showed that it is possible to access data held on the cache in the cache. In addition, the researchers manipulated Spotlight plugins in such a way that they were using usual Spotlight functions such as mdfind (Spotlight on the command line) could create a TCC bypass. An attacker must know which file types he or she wants to read out. The plugins are even unsigned, so they can be carried out much easier by attackers than “normal” apps.
Microsoft continued to be able to read out photo albums and shared albums, to track user activities in the field of photos, to see which photos and videos were deleted and to abuse the image classifier, which shows what an image shows.
Intelligence cleverly exploited
Some of the leaks need an active Apple Intelligence, others obviously don’t. According to Microsoft, it would also be possible to read other cache files, including those of Chatgpt (which is integrated into Apple Intelligence) or email summary.
Apparently the iPhone is also affected by the gap. Microsoft indicates that it is possible from the Mac to capture compared data. Apple has fixed several gaps in iOS 18.4 that match. Microsoft delivered a total of three error reports for MacOS 15.4 and iOS 18.4, including a bug in the context of checking Symlinks and a “state management” error. Users should urgently bring your system up to date. MacOS 15.5 and iOS 18.5 are the current versions.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.