Overview
- Apple published a support document Monday that clarifies when macOS Tahoe 26.4 will block pasted Terminal commands and how the alerts work.
- The system shows a 'Possible Malware, Paste Blocked' warning when a user who does not regularly use Terminal pastes a command copied from a website, chat, email, or similar online source.
- For lower‑severity 'Possible Malware' warnings macOS offers a 'Paste Anyway' button, while two higher‑severity alerts — 'Malware Detected, Paste Blocked' and 'Malicious Script Blocked' — indicate known malware and do not allow override.
- Apple limits the frequency of the beginner warning for regular Terminal users so developers and sysadmins are not repeatedly interrupted, and it provides a way to report suspected false positives.
- The change targets social‑engineering attacks that tell people to paste commands (often called ClickFix) because pasted commands run with user privilege and can bypass other protections.