Abstract
This talk unveils a novel macOS TCC (Transparency, Consent, and Control) bypass (CVE-2025-31199), leveraging Spotlight plugins to gain unauthorized access to sensitive user data.
The vulnerability, privately disclosed to Apple in February 2025, highlights a critical gap in Apple's privacy protections. We will walk through the discovery process, exploitation methodology, and implications for macOS users.
In addition to the TCC bypass, the talk will explore how Apple Intelligence handles private data, including DB file access, querying sensitive content, and multi-user system behavior.
We will discuss how a single, trivial TCC bypass can expose sensitive data locally and remotely.
The presentation will conclude with recommendations for hardening Apple's privacy infrastructure and mitigating similar threats.
Bio
Christine Fossaceca is a Senior Security Researcher at Microsoft.
She has a background in mobile exploit development, forensics techniques, red teaming, reverse engineering, and penetration testing.
Christine’s current focus is on the Defender for Endpoint team, analyzing iOS and macOS malware, tracking in-the-wild threats, and finding vulnerabilities on various platforms.