With the release of macOS 26.4, Apple began warning users when trying to paste malicious commands into the Terminal application, in a new step to counter the social attack method that hackers relied on to infect Mac devices.
Previously in 2023 with macOS Sonoma, Apple turned off the ability for users to bypass Gatekeeper via right-clicking and opening unsigned apps, forcing hackers to turn to tricking users into running malicious commands themselves in Terminal.
This method bypasses all layers of protection, as the system considers pasting the command by the user to be an intentional action.
Now, macOS Tahoe 26.4 adds an additional layer of protection, as the system displays a warning when potentially malicious commands are detected before they are executed, giving the user a chance to stop the process and think before causing any irreversible damage.
