XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-sploitlight-flaw-leaks-apple-intelligence-data/>

--
God be with you,

CrudeSausage
Say no to DRM!
John 14:6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos- sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On Mon, 7/28/2025 4:16 PM, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

"Apple has fixed the security flaw tracked as CVE-2025-31199 (reported by
Microsoft's Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca) in
patches released in March for macOS Sequoia 15.4 with "improved data redaction."
"

"While Apple restricts TCC access only to apps with full disk access and
automatically blocks unauthorized code execution, Microsoft security
researchers found that attackers could use the privileged access of Spotlight
plugins to access sensitive files and steal their contents.

They showed in a report published today that the vulnerability <=== A July 28, 2025 report of a new/continuing issue
(named Sploitlight and described by Apple as a "logging issue")
could be exploited to harvest valuable data, including Apple Intelligence-related
information and remote information of other iCloud account-linked devices.
"

Presumably, for this issue to be reported today, Apple was told about this some time after March and before July 28, 2025.

Not that this is important or anything. It's the CVE system, and the reporting is how the reporting works. The reporting will not be in chronological order, so reports like this are of limited value in their current form (because, the article
does not include feedback from Apple). It might take several weeks for the Apple P.R. team to row out something in response.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On 2025-07-28, Paul <nospam@needed.invalid> wrote:

On Mon, 7/28/2025 4:16 PM, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

"Apple has fixed the security flaw tracked as CVE-2025-31199 (reported by
Microsoft's Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca) in
patches released in March for macOS Sequoia 15.4 with "improved data redaction."
"

"While Apple restricts TCC access only to apps with full disk access and
automatically blocks unauthorized code execution, Microsoft security
researchers found that attackers could use the privileged access of Spotlight
plugins to access sensitive files and steal their contents.

They showed in a report published today that the vulnerability <=== A July 28, 2025 report of a new/continuing issue
(named Sploitlight and described by Apple as a "logging issue")
could be exploited to harvest valuable data, including Apple Intelligence-related
information and remote information of other iCloud account-linked devices.
"

Presumably, for this issue to be reported today, Apple was told about this some
time after March and before July 28, 2025.

Not that this is important or anything. It's the CVE system, and the reporting
is how the reporting works. The reporting will not be in chronological order, so reports like this are of limited value in their current form (because, the article
does not include feedback from Apple). It might take several weeks for the Apple P.R. team to row out something in response.

Paul

The NPD data breach is the one that people should be concerned with. <https://hr.berkeley.edu/news/national-public-data-breach-what-you-can-do>

--
Ask snit how he pissed on his cat.
All about snit Michael Glasser Of Prescott AZ read below. Links courtesy of Ron:
<https://web.archive.org/web/20181028000459/http://www.cosmicpenguin.com/snit.html>
<https://web.archive.org/web/20190529043314/http://cosmicpenguin.com/snitlist.html>
<https://web.archive.org/web/20190529062255/http://cosmicpenguin.com/snitLieMethods.htm>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On 2025-07-28 16:16, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-
sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

I can only imagine how much data has been acquired by criminals before
that was fixed.

--
God be with you,

CrudeSausage
Say no to DRM!
John 14:6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On 2025-07-28 16:33, CrudeSausage wrote:

On 2025-07-28 16:16, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-
sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

I can only imagine how much data has been acquired by criminals before
that was fixed.

You simply assume that knowledge of the exploit was widespread before it
was fixed, huh?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On 2025-07-28 20:40, Alan wrote:

On 2025-07-28 16:33, CrudeSausage wrote:

On 2025-07-28 16:16, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-
sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

I can only imagine how much data has been acquired by criminals before
that was fixed.

You simply assume that knowledge of the exploit was widespread before it
was fixed, huh?

You simply assume that your beloved Apple is so excellent that they fix problems before they even emerge, huh?

--
God be with you,

CrudeSausage
John 14:6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On 2025-07-28 18:25, CrudeSausage wrote:

On 2025-07-28 20:40, Alan wrote:

On 2025-07-28 16:33, CrudeSausage wrote:

On 2025-07-28 16:16, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos-
sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

I can only imagine how much data has been acquired by criminals
before that was fixed.

You simply assume that knowledge of the exploit was widespread before
it was fixed, huh?

You simply assume that your beloved Apple is so excellent that they fix problems before they even emerge, huh?

I make no assumptions.

I NOTE that the flaw was fixed MONTHS before the article.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.sys.mac.advocacy, alt.comp.os.windows-11

On Tue, 7/29/2025 6:22 PM, Joel wrote:

Alan <nuh-uh@nope.com> wrote:

On 2025-07-28 18:25, CrudeSausage wrote:

On 2025-07-28 20:40, Alan wrote:

On 2025-07-28 16:33, CrudeSausage wrote:

On 2025-07-28 16:16, Alan wrote:

On 2025-07-28 12:18, CrudeSausage wrote:

In another blow to user privacy...

<https://www.bleepingcomputer.com/news/security/microsoft-macos- >>>>>>> sploitlight-flaw-leaks-apple-intelligence-data/>

'Apple has fixed the security flaw tracked as CVE-2025-31199'

Back in March.

I can only imagine how much data has been acquired by criminals
before that was fixed.

You simply assume that knowledge of the exploit was widespread before
it was fixed, huh?

You simply assume that your beloved Apple is so excellent that they fix
problems before they even emerge, huh?

I make no assumptions.

I NOTE that the flaw was fixed MONTHS before the article.

It does appear that Apple fixed this early on.

Read the article again. It's a "fix and fix again" issue.

A second issue has arisen, as the Microsoft exploit team picks
at a competitors OS. Lots of companies do this, and it is
actually excellence-in-action because it "lifts everyones boat".
There is one guy in the Chrome team, who is excellent at
showing how Windows is not an OS :-)

Nothing to be ashamed of. If your OS has 500 million line of
code, your buggage is astronomical. Ask any CS graduate if
there is a "pure as the driven snow" company, and everyone
knows there is no such thing. Bugs exist. Everyone makes
them. And a community effort, where someone else fuzzes your
stuff, that's excellence. Mainly because some opposing
teams are just so good at it. when asked to fuzz *their own*
stuff, strangely they can't find anything. But that's the
psychology of the thing and how it works. Like if the team
had 20 players, maybe only one of the players is "attuned"
to a certain competitors OS and can beat the piss out of it.

This is good. Everyone wins.

It's the same with AV companies. They could have 200 people or
1000 people on staff. Yet there are just two people who
really know what is going on, and they solve the "new exploit"
problems. Without them, the product quality would slip
below the waves. Most of the thousand people on staff
are knob polishers, but someone has to answer the
phones in Tech Support. "Did you turn it OFF and ON again?"

The new issue will get fixed. But that result may not be
news worthy enough to earn someone writing news stories,
the "buck-a-word" they deserve.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)