ClickFix is a sophisticated social engineering technique first observed in the wild in 2024 that tricks users into manually pasting malicious commands into their Terminal.
Threat actors lure victims through fake CAPTCHA tests, counterfeit error messages, or fraudulent software installers, instructing them to copy a text string and paste it directly into the macOS Terminal.
Because the user manually initiates the action, the operating system treats the command as authorized, bypassing standard security filters entirely.
Once executed, these commands typically download and install malware such as the MacSync infostealer, harvesting sensitive data including Keychain credentials, browser cookies, and cryptocurrency wallet details, often running entirely in memory to evade detection.
ClickFix was reportedly responsible for more than half of all malware loader activity in 2025.
When a user copies a potentially dangerous command from Safari and attempts to paste it into Terminal, macOS Tahoe 26.4 now delays execution and displays a prominent warning dialog.
The alert reads: “Possible malware, Paste blocked. Your Mac has not been harmed. Scammers often encourage pasting text into Terminal to try to harm your Mac or compromise your privacy.
These instructions are commonly offered via websites, chat agents, apps, files, or a phone call.
Users are presented with a primary “Don’t Paste” button to abort the action, alongside a secondary “Paste Anyway” option for legitimate administrative tasks.
The protection targets the core mechanism of pastejacking: the near-instant paste-and-execute sequence that attackers depend on, especially since commands with a trailing newline execute immediately without pressing Return.
By inserting a mandatory confirmation step at the moment of paste, Apple interrupts this attack chain before any harm occurs.
Notably, Apple did not mention this Terminal safeguard in the official macOS Tahoe 26.4 release notes, which focused on developer tool updates and SwiftUI fixes.
The feature was independently discovered by the security community after the release candidate build became available.
According to user testing, the warning appears only once per Terminal session rather than on every paste, preventing disruption for experienced developers.
By adding this layer of friction, Apple aims to shield less technical users from inadvertently compromising their own systems, while still allowing advanced users to proceed with legitimate commands through the “Paste Anyway” option.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post Apple’s macOS Tahoe Introduces Protection Against ClickFix Attacks appeared first on Cyber Security News.
Hackers are using telecom networks and hosting providers across the Middle East as a foundation…
A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what…
Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range…
A widely-used JavaScript templating library called art-template has been weaponized to deliver a sophisticated iOS…
A hacker group known as INJ3CTOR3 has been running an active campaign against FreePBX systems,…
A newly discovered banking trojan is targeting Brazilians by disguising itself as a legitimate electronic…
This website uses cookies.