macOS Tahoe 26.4 blocks ClickFix paste attacks in Terminal - update your Mac fleet now

Apple shipped an undocumented security feature in macOS Tahoe 26.4 that directly targets ClickFix attacks - the social engineering technique behind the Infinity Stealer campaign we covered last week. When a user tries to paste a potentially harmful command into Terminal, macOS now intercepts it with a warning before anything executes. The feature only covers Apple's built-in Terminal app, not third-party alternatives like iTerm2. A 'Paste Anyway' option remains for power users.

Check
Check if your Mac fleet is running macOS Tahoe 26.4 or later.
Affected
Any macOS user on versions prior to 26.4 who may encounter ClickFix social engineering attacks via fake CAPTCHA pages or tech support sites.
Fix
Update to macOS Tahoe 26.4. Push the update via MDM for managed fleets. Train staff to never paste commands from websites into Terminal regardless of the prompt - the protection only covers Terminal.app, not third-party terminals.
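
One way to run the Check step above against an inventory export, as an added example that is not from the original article: the script flags hosts reporting a macOS version below 26.4. The `hostname version` input format, the sample hosts and the function names are assumptions made for illustration; `sw_vers -productVersion` is the standard macOS command for reading the local version.

```sh
#!/bin/sh
# Added example: flag Macs that report a macOS version below 26.4.
MIN_VERSION="26.4"   # first release with the Terminal paste warning, per the article

# version_at_least HAVE WANT: return 0 if HAVE >= WANT, 1 if lower, 2 if unparsable.
# Components compare as integers, so 26.10 ranks above 26.4 and 26.4 equals 26.4.0.
version_at_least() {
    case "$1" in ''|*[!0-9.]*) return 2 ;; esac
    case "$2" in ''|*[!0-9.]*) return 2 ;; esac
    have=$1; want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        case "$have" in *.*) have=${have#*.} ;; *) have= ;; esac
        case "$want" in *.*) want=${want#*.} ;; *) want= ;; esac
        h=${h:-0}; w=${w:-0}
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0
}

# outdated_hosts: read "hostname version" lines on stdin (assumed inventory
# format) and print every host that is below MIN_VERSION or has no usable version.
outdated_hosts() {
    while read -r host ver; do
        if [ -z "$host" ]; then continue; fi
        rc=0
        version_at_least "$ver" "$MIN_VERSION" || rc=$?
        case $rc in
            0) ;;
            1) echo "$host needs-update ($ver)" ;;
            *) echo "$host unknown-version ($ver)" ;;
        esac
    done
}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY='mac-001 26.4
mac-002 26.3.1
mac-003 15.7.2
mac-004 26.10
mac-005 n/a'
printf '%s\n' "$SAMPLE_INVENTORY" | outdated_hosts

# On a Mac, also check the local machine.
if command -v sw_vers >/dev/null 2>&1; then
    echo "$(hostname) $(sw_vers -productVersion)" | outdated_hosts
fi
```

Hosts with a missing or unparsable version are reported rather than skipped, so a gap in the inventory is not mistaken for a patched machine.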