Prevent Spotlight Importer Exploits
Lock down Spotlight importer directories and the Apple Intelligence database to prevent Sploitlight-style TCC bypasses and sensitive data exfiltration.
Idea
Spotlight importers have been used as a persistence trick for a while. Microsoft recently disclosed a variant of this vulnerability they called "Sploitlight" (CVE-2025-31199), which exploits Spotlight importer plugins to bypass Apple's Transparency, Consent, and Control (TCC) protections. This lets attackers exfiltrate sensitive data from protected directories without user consent. While Apple patched this vulnerability in macOS 15.4, macOS 26 remained vulnerable.
Spotlight importers are plugins (.mdimporter bundles) that help macOS index specific file types for search. They run in sandboxed mdworker processes with privileged access to the files they are indexing. The problem is that attackers can create or modify unsigned importer bundles, drop them into user-writable directories like ~/Library/Spotlight, and abuse that privileged access to read files normally protected by TCC. This allows attackers to read things like the Pictures and Apple Intelligence databases, which contain geolocation data, facial recognition metadata, and iCloud-linked device information. Since these databases are synced across devices via iCloud, compromising a single device could leak data from all of your devices.
With Workshop and Santa's file access rules, lock down the Spotlight importer directories so that importer bundles cannot be written there. You can also lock down sensitive files like the Apple Intelligence database so that any future variants still can't get at these crown jewel files.
Solutions
- Rule 1 (Spotlight importer directories): Paths (two entries), Policy, Access Type, Custom Message
- Rule 2 (Apple Intelligence database): Paths (two entries), Policy, Processes (two Signing ID entries and one further entry), Custom Message
MITRE ATT&CK
Tags
Deployment Notes
The first rule blocks writes to the Spotlight importer directories, preventing attackers from dropping malicious importer bundles. The second rule protects the sensitive databases that contain valuable user data, so that even a process which does gain importer-level access cannot read them.
Together, these rules prevent Sploitlight-style attacks even on systems that have not yet received Apple's patch.
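The two rules described above, written out as a Santa file access authorization policy. This is an added example, not the rule shipped by Workshop or the Santa project's own configuration. It assumes Santa's FAA plist schema (a `Version` string, a `WatchItems` dictionary, `Paths` entries with `Path`/`IsPrefix`, `Options` with `AllowReadAccess`/`AuditOnly`/`BlockMessage`, and a `Processes` allow-list) and that the `*` wildcard is honoured in `Path` values. The Apple Intelligence database path and every signing ID are placeholders, since the page does not give them.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Version</key>
  <string>1</string>
  <key>WatchItems</key>
  <dict>

    <!-- Rule 1: no process may write into the Spotlight importer directories.
         Reads stay allowed so mds/mdworker can still load existing importers. -->
    <key>SpotlightImporterDirs</key>
    <dict>
      <key>Paths</key>
      <array>
        <dict>
          <!-- Assumption: wildcard expands to every user's home directory -->
          <key>Path</key>
          <string>/Users/*/Library/Spotlight</string>
          <key>IsPrefix</key>
          <true/>
        </dict>
        <dict>
          <key>Path</key>
          <string>/Library/Spotlight</string>
          <key>IsPrefix</key>
          <true/>
        </dict>
      </array>
      <key>Options</key>
      <dict>
        <key>AllowReadAccess</key>
        <true/>
        <key>AuditOnly</key>
        <false/>
        <key>BlockMessage</key>
        <string>Installing Spotlight importers is blocked by policy. Contact IT if you need a custom importer.</string>
      </dict>
      <!-- Optional exception for an organization's own importer installer.
           PLACEHOLDER values: replace with the real signing ID and team ID. -->
      <key>Processes</key>
      <array>
        <dict>
          <key>SigningID</key>
          <string>com.example.PLACEHOLDER-importer-installer</string>
          <key>TeamID</key>
          <string>PLACEHOLDERTEAMID</string>
        </dict>
      </array>
    </dict>

    <!-- Rule 2: only the listed processes may read or write the Apple Intelligence
         database. Every other process is denied reads as well as writes. -->
    <key>AppleIntelligenceDB</key>
    <dict>
      <key>Paths</key>
      <array>
        <dict>
          <!-- PLACEHOLDER: the page does not give the database path -->
          <key>Path</key>
          <string>/Users/*/Library/PLACEHOLDER-APPLE-INTELLIGENCE-DB-PATH</string>
          <key>IsPrefix</key>
          <true/>
        </dict>
      </array>
      <key>Options</key>
      <dict>
        <key>AllowReadAccess</key>
        <false/>
        <!-- Start in audit mode; switch to false once the event stream shows
             only the expected system processes touching the database. -->
        <key>AuditOnly</key>
        <true/>
        <key>BlockMessage</key>
        <string>Access to the Apple Intelligence database is restricted by policy.</string>
      </dict>
      <key>Processes</key>
      <array>
        <dict>
          <!-- PLACEHOLDER: Apple platform binary that legitimately uses the database -->
          <key>SigningID</key>
          <string>com.apple.PLACEHOLDER-SIGNING-ID</string>
          <key>PlatformBinary</key>
          <true/>
        </dict>
      </array>
    </dict>

  </dict>
</dict>
</plist>
```

Point Santa at this file with the `FileAccessPolicyPlist` key in its main configuration profile. Rule 1 can be enforced immediately because almost nothing legitimately writes to those directories; rule 2 is deliberately left in audit mode so you can collect the set of processes that really touch the database before denying everything else.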
False Positive Guidance
Very few legitimate applications need to install Spotlight importers. If your organization uses custom Spotlight importers, add exceptions for those specific applications by their signing ID and team ID.