Apple’s Latest macOS Tahoe 26.4 Update Hopes To Protect Against ClickFix

Stop Hurting Yourself

There is a new undocumented feature in macOS Tahoe 26.4 which hopes to reduce the number of Apple users infecting themselves via a problem called ClickFix.   That is a nice way of describing an attacker convincing an Apple user to copy and paste a command into Terminal and hitting enter.  As you should guess, that command is not intended to do what the scammer says it does, instead it will infect the Mac with whatever malware that scammer would like.  This is a great way to gain local access to a Mac to leverage a vulnerability without needing to actually get hold of the laptop since the user conveniently infects themselves.

ClickFix is a great way to infect less technically inclined Mac users, since they are barely aware of the existence of Terminal, let alone that it can be used to do horrible things to their Mac.  The latest update now shows a warning when someone tries to run a command instead of running it immediately.  The warning informs the user that this is often used as a way to infect computers and that they shouldn’t paste the command unless they know exactly what it does.

You can ignore the warning and paste the command anyway, and it is likely many will, but it also means that those who know what they are doing can still use Terminal as they need.