
MacOS 26.4 Adds Warnings For ClickFix Attacks to Its Terminal App (macrumors.com)

(Saturday March 28, 2026 @11:34PM (EditorDavid) from the ClickFixed dept.)


An anonymous Slashdot reader writes:

> [1]ClickFix attacks are ramping up. These attacks have users copy and paste a string to something that can execute a command line — like the Windows Run dialog, or a shell prompt.

>

> But [2] MacRumors reports that macOS 26.4 Tahoe (updated earlier this week) introduces a new feature to its Terminal app where it will detect ClickFix attempts and stop them by prompting the user if they really wanted to run those commands.

According to MacRumors, the warning reads "Possible malware, Paste blocked."

"Your Mac has not been harmed. Scammers often encourage pasting text into Terminal to try and harm your Mac or compromise your privacy...."

There is also a "Paste Anyway" option if users still wish to proceed.



[1] https://it.slashdot.org/story/25/11/11/2233201/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of

[2] https://www.macrumors.com/2026/03/25/macos-26-4-terminal-security-feature/



Re: (Score:2)

by buddyglass ( 925859 )

Make it togglable and default to "on". Problem solved.

Re: (Score:2)

by martin-boundary ( 547041 )

Problem wide open. Microsoft already thought of this solution at least 25 years ago.

They implemented warnings by interrupting the code, opening a pop-up window with two options: proceed or block. I'll give you a guess how that panned out.

There is only one outcome when users are repeatedly interrupted for security reasons. They learn to press yes without even reading the message, while being annoyed by the interruption. Black hats love that.

Re: (Score:2)

by Firethorn ( 177587 )

I remember those days where it would warn if there was any scripting at all, rather than look for dangerous commands first.

Just as a thought, not bothering if the script cannot reach outside of the document itself. Functions that access other files or documents, email functionality, and such triggering the warning instead would have been more effective.

Re: (Score:2)

by bloodhawk ( 813939 )

Those are the sort of assumptions hackers love as invariably the dev can't think of every scenario.

Re: (Score:2)

by Kyogreex ( 2700775 )

I don't think this is really comparable.

Most macOS users probably never touch the terminal and so will hopefully be more likely to read before clicking the red button, and this message doesn't look like a typical macOS elevation prompt.

This reminds me of something (Score:3)

by Powercntrl ( 458442 )

Back in the day, AOL attempted to address phishing scams by putting a disclaimer at the bottom of IM windows. Something along the lines of "Reminder: AOL staff will never ask for your password or billing information". Problem was, people who were foolish enough to fall for social engineering scams don't pay much attention to those sort of warnings, either.

Seems like all the scammers will have to do is update their instructions to include "Please disregard the pop-up and click Paste Anyway".

Re: (Score:3)

by dgatwood ( 11270 )

Reply "yes", then close and reopen this message to activate the link.

No matter how idiot-proof you make technology, God will always create a better idiot. That's why the right way to solve this problem is:

Make it as hard as possible for users to accidentally do something that is irreversible, and as easy as possible to roll back even serious mistakes. This means, among other things, keeping more than just a single backup. (Apple, I'm talking about your borderline useless iCloud backups here when I say t

It's a start (Score:2)

by diffract ( 7165501 )

I can imagine Apple later removing the "paste anyway" option and requiring you to go to Settings > Privacy to confirm the action, like how they've done with running apps downloaded off of the internet

And the Apple haters squawk. (Score:2)

by Smonster ( 2884001 )

If someone can’t type a long command into a terminal without typos, they probably should not be using a terminal for anything other than basic commands anyway.

Re:And the Apple haters squawk. (Score:5, Informative)

by larwe ( 858929 )

True but useless. For a long complex commandline input, it saves a lot of work to be able to paste it in. Not to mention the possibility that a typo might have undesirable consequences.

Apple asks users to copy-paste into a terminal (Score:2)

by drnb ( 2434720 )

> If someone can’t type a long command into a terminal without typos, they probably should not be using a terminal for anything other than basic commands anyway.

The funny thing is that Apple sometimes asks users to copy-paste a string they provide into a terminal. For example when creating a flash drive with an installable version of macOS.

Question (Score:2)

by ArchieBunker ( 132337 )

Can you disable all the safety features on a modern Mac and have it behave like an old school unix box? You know run su and then accidentally do something dumb? I mean we all survived those days.

Re: (Score:3)

by larwe ( 858929 )

Current versions of MacOS have something called "System Integrity Protection" which restricts certain directories from being tampered with even in a su'd shell. It can be disabled, but it's a very off-label way to run the OS and the consequences could be ... spicy.

Re: (Score:3)

by Powercntrl ( 458442 )

> You know run su and then accidentally do something dumb?

I'm pretty sure my Mac will let me run su and then send a text to my ex, but I'm not going to try it.

Re: (Score:2)

by caseih ( 160668 )

Yes you can. You have to boot into recovery mode and then change the security level. This is already something you have to do to load third-party (even signed) kexts, which are sometimes required for certain types of presumably poorly written (or not Apple-blessed) hardware drivers.

Apparently this is even still possible on the iPhone chipped MacBook Neo.
