diff --git a/src/Microsoft.TestPlatform.CoreUtilities/Helpers/DotnetHostHelper.cs b/src/Microsoft.TestPlatform.CoreUtilities/Helpers/DotnetHostHelper.cs
index d71c2f24d5..d9bc7043f4 100644
--- a/src/Microsoft.TestPlatform.CoreUtilities/Helpers/DotnetHostHelper.cs
+++ b/src/Microsoft.TestPlatform.CoreUtilities/Helpers/DotnetHostHelper.cs
@@ -23,6 +23,13 @@ public class DotnetHostHelper : IDotnetHostHelper
 {
     public const string MONOEXENAME = "mono";
 
+    // Mach-O magic numbers from https://en.wikipedia.org/wiki/Mach-O
+    private const uint MachOMagic32BigEndian = 0xfeedface;    // 32-bit big-endian
+    private const uint MachOMagic64BigEndian = 0xfeedfacf;    // 64-bit big-endian
+    private const uint MachOMagic32LittleEndian = 0xcefaedfe; // 32-bit little-endian
+    private const uint MachOMagic64LittleEndian = 0xcffaedfe; // 64-bit little-endian
+    private const uint MachOMagicFatBigEndian = 0xcafebabe;   // Multi-architecture big-endian
+
     private readonly IFileHelper _fileHelper;
     private readonly IEnvironment _environment;
     private readonly IWindowsRegistryHelper _windowsRegistryHelper;
@@ -414,6 +421,14 @@ public bool TryGetDotnetPathByArchitecture(
             ReadExactly(headerReader, cpuInfoBytes, 0, cpuInfoBytes.Length);
 
             var magic = BitConverter.ToUInt32(magicBytes, 0);
+
+            // Validate magic bytes to ensure this is a valid Mach-O binary
+            if (magic is not (MachOMagic32BigEndian or MachOMagic64BigEndian or MachOMagic32LittleEndian or MachOMagic64LittleEndian or MachOMagicFatBigEndian))
+            {
+                EqtTrace.Error($"DotnetHostHelper.GetMuxerArchitectureByMachoOnMac: Invalid Mach-O magic bytes: 0x{magic:X8}");
+                return null;
+            }
+
             var cpuInfo = BitConverter.ToUInt32(cpuInfoBytes, 0);
             PlatformArchitecture? architecture = (MacOsCpuType)cpuInfo switch
             {