9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.
With the release of macOS 26.4, Apple is now warning users who it believes are about to paste malicious code into Terminal. The prompt is the latest blow to cybercriminals’ newest and, honestly, more desperate attack vector of getting unsuspecting Mac users to infect themselves.
Back in 2023 with the release of macOS Sonoma, Apple dealt a deadly blow to how malware could bypass your Mac’s built-in safeguard, Gatekeeper. The update no longer allowed users to right-click and open malicious applications that weren’t signed and notarized by Apple.
This was a detrimental change for cybercriminals who relied on that popular bypass method to infect Macs.
Cybercriminals quickly pivoted to a new social engineering tactic: tricking users into manually running malicious commands in Terminal. You’ve probably seen these attacks floating around. I’ve certainly covered my fair share on Security Bite. A malicious app download instructs the user to copy a command, open Terminal, and paste it in.
It’s crude, but it works. And it’s been working a lot lately.
The attack essentially bypasses every layer of protection Apple has built into macOS. Not even Gatekeeper can save you from yourself. The system sees it as a legitimate user action. You opened Terminal, you pasted the command, you hit Enter. As far as macOS is concerned, you meant to do that.
These attacks are usually carried out via malicious app downloads from fake websites, direct messages, and other methods of delivery. Recently, I’ve seen impersonations of everything from OpenAI’s Atlas browser to Google Chrome. The bar for pulling this off is incredibly low, which is exactly why it’s become the go-to for threat actors who lost their Gatekeeper workaround.
But now it looks like Apple is pushing even further to protect users.
New in macOS Tahoe 26.4, your Mac will now warn you when you paste Terminal commands copied from Safari or other apps, flagging anything that could potentially harm your system. If macOS detects something suspicious, it’ll display a prompt before the command executes, giving you a chance to stop and think before doing something you can’t undo.