A recent Netskope Threat Labs report details a macOS ClickFix campaign that lures users into pasting malicious scripts in Terminal. Attackers disguise prompts as CAPTCHA or browser updates, then display an AppleScript dialog that endlessly requests the password. Once entered, the malware extracts the Keychain and browser cookies, bypassing MFA. The stolen credentials enable attackers to hijack accounts, exfiltrate data, and move laterally across networks.

Apple responded today in macOS Sequoia and the upcoming Tahoe 26.4 build with a native Terminal security warning that blocks paste commands from untrusted sources. Devices that run the latest OS receive immediate protection. Deferring updates for the traditional 90-day window therefore leaves fleets exposed to attacks that newer releases already mitigate.

Given AI‑driven threats, analysts urge shrinking the deferral period to 30‑45 days. Companies unable to test apps quickly face vendor‑level issues, not Apple’s. Tightening policies forces faster critical OS‑level mitigations and shrinks the enterprise Mac attack surface. Adopting a shorter cycle also simplifies compliance reporting and aligns macOS with platforms that push monthly patches. IT teams should deem the 90-day window still obsolete.