macOS 26.4.1

Juli Clover (no release notes, no security, enterprise, no developer, full installer, IPSW):

macOS Tahoe 26.4.1 addresses an issue that could cause the M5 MacBook Air and M5 Pro/Max MacBook Pro models to fail to join 802.1X Wi-Fi networks when using content filter extensions.

See also Mr. Macintosh and Howard Oakley.

Previously:

• macOS 26.4
• MacBook Air 2026
• MacBook Pro 2026

Mac macOS Release macOS Tahoe 26 Wi-Fi

iOS 26.4.1 and iPadOS 26.4.1

Juli Clover (iOS/iPadOS release notes, no security, enterprise, no developer):

According to Apple’s release notes, the software updates contain unspecified “bug fixes.”

Benjamin Mayo:

While the official release notes were vague, a thread on the developer forums indicates it actually fixes a significant bug related to iCloud data syncing.

Developers had noticed that iPhones running 26.4 would stop receiving iCloud change notifications, which impacted cloud data sync for apps that use CloudKit framework, including Apple’s own Passwords app.

[…]

The bug exists on iPadOS 26.4.0 as well, but macOS Tahoe 26.4 was not afflicted by the same issue.

Adam Engst:

Apple, would it kill you to acknowledge what the bug affected in the release notes? Something like, “Fixes an issue where data synced by iCloud may not appear immediately.”

Apple (MacRumors):

Stolen Device Protection will be automatically enabled on devices that update from iOS 26.4 to iOS 26.4.1.

Adam Engst:

I tested this explicitly with my update, turning Stolen Device Protection off before I installed, and checking immediately afterward, where it remained off.

I don’t understand why Apple keeps announcing that it’s doing this and then not actually doing it, or perhaps only doing it for certain users. If, like me, you don’t want Stolen Device Protection, the idea of being opted into it is a bit scary. If you do want it, you may now have a false sense of security unless you check that it was actually enabled.

Previously:

• Notes From Setting Up New Apple Devices
• CloudKit Problems With iOS 26.4
• iOS 26.4 and iPadOS 26.4
• iOS 26.4: Stolen Device Protection Enabled by Default

CloudKit iOS iOS 26 iOS Release iPadOS iPadOS 26 iPadOS Release Stolen Device Protection

ClickFix Now Uses Script Editor Instead of Terminal

Thijs Xhaflaire (via Andrew Orr):

Unlike traditional ClickFix campaigns that instruct users to paste commands directly into Terminal, the discovered variant uses a browser-triggered workflow to launch Script Editor.

[…]

• The page leverages an applescript:// URL scheme
• Clicking the “Execute” button invokes this URL scheme from the browser
• The browser prompts the user to allow Script Editor to open
• Once opened, a pre-filled script is presented for execution

[…]

This payload uses base64 encoding combined with gzip compression to obscure its contents before execution.

Previously:

• macOS 26.4 Paste Protection

AppleScript Mac macOS Tahoe 26 Malware Security URL Web