Microsoft, Apple, and Google Address Critical Security Flaws in March Updates

March's Patch Tuesday fixes six actively exploited zero-days, with updates also released by Apple, Google, and Adobe to counter urgent vulnerabilities.

Microsoft's March Patch Tuesday addressed 57 vulnerabilities, including six actively exploited zero-day flaws and six rated as critical.
Key Microsoft vulnerabilities include NTFS bugs that allow remote code execution and information disclosure, often requiring user interaction with malicious VHD files.
Apple patched a Safari sandbox bypass vulnerability, CVE-2025-24201, exploited in highly targeted attacks potentially linked to advanced surveillanceware actors.
Google released over 40 Android patches, including fixes for two actively exploited flaws: a Linux kernel memory leak and a privilege escalation vulnerability in the Android Framework.
Adobe resolved critical vulnerabilities across multiple products, including Acrobat, Illustrator, and Substance 3D tools, with many enabling arbitrary code execution.