Security Bite: Apple takes aim at cybercriminals’ more desperate tactics to infect Mac users


9to5Mac Security Bite is brought to you exclusively by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and secure for the enterprise is what we’re all about. Our uniquely integrated approach to management and security combines state-of-the-art Apple-specific security solutions with the most powerful and modern Apple MDM on the market for fully automated Hardening and Compliance, Next Generation EDR, AI-powered Zero Trust and exclusive Privilege Management. The result is a fully automated Apple Unified Platform that is now trusted by over 45,000 organizations to get millions of Apple devices up and running effortlessly and affordably. Request your EXTENDED TRIAL today and find out why Mosyle is everything you need to work with Apple.


With the release of macOS 26.4, Apple now warns users who are about to paste malicious code into Terminal. It’s the latest jab at cybercriminals’ newest and, frankly, more desperate attack vector: getting unsuspecting Mac users to infect themselves.

With the release of macOS Sonoma in 2023, Apple struck a fatal blow to the way malware could bypass Gatekeeper, your Mac’s built-in firewall. The update no longer allows users to right-click and open malware that has not been signed and notarized by Apple.

This was a damaging change for cybercriminals who relied on the popular bypass method to infect Macs.

Cybercriminals quickly moved on to a new social engineering tactic: tricking users into manually running malicious commands in Terminal. You’ve probably seen these attacks floating around. I’ve certainly covered my fair share on Security Bite. The malware download instructs the user to copy a command, open Terminal, and enter it.

It’s gross, but it works. And it has worked a lot lately.

The attack bypasses essentially every layer of protection Apple has built into macOS. Even Gatekeeper can’t save you from yourself. The system sees this as a legitimate user action. You opened Terminal, pasted the command, hit Enter. As far as macOS is concerned, you wanted to do it.

These attacks are usually delivered through malware downloads from fake websites, direct messages and other delivery methods. More recently, I’ve seen impersonations of everything from OpenAI’s Atlas browser to Google Chrome. The bar for pulling this off is incredibly low, which is why it has become a staple for threat actors who have lost their Gatekeeper workaround.

But now it seems that Apple is going even further to protect users.

New in macOS Tahoe 26.4, your Mac will now warn you when you paste Terminal commands copied from Safari or other applications, and will flag anything that could potentially harm your system. If macOS detects something suspicious, it will prompt you before the command is executed, giving you a chance to stop and think before doing something you can’t undo.

Apple strikes again here. This is a very small security change, but a useful one that will protect users who need it most. For someone less Mac-savvy following instructions from a malicious download, it could be the difference between being safe and being compromised.


Follow Arin Waichulis: LinkedIn, Topics, X
