🖥️ Mac Platform Intelligence — Week of March 9, 2026
Microsoft March 2026 Patch Tuesday — 83 CVEs — Tenable
8 Critical / 75 Important. Patches Azure Entra ID, Microsoft Office for Mac, and Microsoft Authenticator. Action: Update Office for Mac to 16.107 immediately.
↗ Read more
Adobe Acrobat Reader for macOS < 25.001.21288 — APSB26-26 — Adobe
CVE-2026-27220 & CVE-2026-27278 (Use After Free → code execution); CVE-2026-27221 (signature bypass → privilege escalation). Action: Update via Jamf to 25.001.21288+.
↗ Read more
ZDI-26-173: Apple macOS Audio APAC RCE (CVE-2026-20611, CVSS 7.8) — Zero Day Initiative
Out-of-bounds write in macOS audio frame decoding allows RCE via malicious file or page. No known active exploit. Patch expected in upcoming Apple security update.
↗ Read more
Critical ExifTool Flaw — macOS Code Execution via Tampered Image — Kaspersky GReAT
Code execution via malformed image through ExifTool. CVE not yet confirmed. Action: Verify against Kaspersky advisory; relevant to AutoPkg and image-processing workflows.
↗ Read more
macOS 26.3.2 (25D2140) Released — March 10 — Apple
Point release for macOS 26.3.x. Review Apple's HT article for CVE list and deploy via Jamf as applicable.
↗ Read more
macOS 26.4 Beta 4 (25E5233c) — Apple Developer
Fourth developer beta released March 9. No production fleet impact; available for seed-test machines.
Microsoft Entra Passkeys for Phishing-Resistant Windows Sign-In — BleepingComputer
Entra passkey rollout via Windows Hello. Underlying identity changes affect cross-platform auth posture — monitor for macOS Platform SSO implications.
↗ Read more
Microsoft 365 Apps Cloud Update: Three Management Enhancements — Microsoft 365 Roadmap
New: Descriptive Error reporting, Simplified Channel Management via Entra ID groups, Enhanced Rollout Waves for staged M365 deployments.
↗ Read more
Microsoft Investigates Classic Outlook Sync and Connection Failures — BleepingComputer
Active investigation into sync failures in classic Outlook desktop. Monitor for impact on macOS Outlook users.
↗ Read more
Evil Evolution: ClickFix and macOS Infostealers — Sophos X-Ops
Three active campaigns using ClickFix specifically targeting macOS with evolving infostealer payloads (MacSync variant). User awareness and browser controls are primary mitigations.
↗ Read more
Contagious Interview: Developer Backdoors via Fake Recruiter Interviews — Microsoft Security Blog
OtterCookie and FlexibleFerret backdoors delivered via fake coding assessments targeting developers. Steals API tokens, cloud credentials, source code. Advise developer staff to treat unsolicited recruiter contact with elevated scrutiny.
↗ Read more
Malicious npm @openclaw-ai Deploys RAT, Steals macOS Credentials — Malware News
Trojanized npm package deployed a RAT on macOS and harvested credentials. Review and audit npm environments on developer Macs.
↗ Read more
The Claude Code Trap: Malvertising Hijacks Developer Terminals — Bitdefender
Fake Google Ads for "Claude Code" deliver terminal-hijacking malware via ClickFix. Advise caution with Google Ads results when searching for developer tooling.
↗ Read more
Google Chrome for Desktop — Three Security Releases (Mar 10, 12, 13) — Google
Brings Chrome to 146.0.7680.80+. CVEs: CVE-2026-3909 (Skia OOB write), CVE-2026-3910 (V8 sandbox), CVE-2026-3919 (UAF Extensions), CVE-2026-3921 (UAF TextEncoding). Action: Update fleet Chrome to 146.0.7680.80+.
↗ Mar 12 ·
↗ Mar 13