macOS Tahoe 26.4 blocks ClickFix paste attacks in Terminal - update your Mac fleet now

Apple shipped an undocumented security feature in macOS Tahoe 26.4 that directly targets ClickFix attacks - the social engineering technique behind the Infinity Stealer campaign we covered last week. When a user tries to paste a potentially harmful command into Terminal, macOS now intercepts it with a warning before anything executes. The feature only covers Apple's built-in Terminal app, not third-party alternatives like iTerm2. A 'Paste Anyway' option remains for power users.

Check

Check if your Mac fleet is running macOS Tahoe 26.4 or later.

Affected

Any macOS user on versions prior to 26.4 who may encounter ClickFix social engineering attacks via fake CAPTCHA pages or tech support sites.

Fix

Update to macOS Tahoe 26.4. Push the update via MDM for managed fleets. Train staff to never paste commands from websites into Terminal regardless of the prompt - the protection only covers Terminal.app, not third-party terminals.