Apple macOS faces two concurrent threats this week: a reported privilege escalation (CVE-2026-39118) that allows standard users to disable Kandji MDM and CrowdStrike Falcon EDR via XPC service abuse, and a separately documented Rust-based malware strain (Gaslight) that embeds prompt injection payloads to evade AI-assisted analysis pipelines. No patch is available for CVE-2026-39118 as of this date; Apple’s official advisory had not been published at time of publication. Both issues affect managed macOS enterprise fleets and together create a compounding risk: the EDR can be disabled before or during a Gaslight-style infection.