{"data":{"id":"01670085-d1db-40a5-a294-1c0e4859112d","title":"From Indirect Prompt Injection to DNS Exfiltration in macOS Terminal","summary":"Researchers discovered a vulnerability where LLMs (large language models) could be tricked through prompt injection (hiding malicious instructions in data) to emit ANSI escape codes (special terminal control sequences), which macOS Terminal would interpret as commands to make DNS requests (requests that translate domain names to IP addresses) containing stolen data. Apple fixed this behavior in macOS Tahoe 26.1, released November 3, 2025, so the vulnerable escape sequences no longer trigger DNS requests.","solution":"Apple addressed the issue in macOS Tahoe 26.1, released on November 3, 2025. After installing the update, the same escape sequence no longer triggers a DNS request in the Terminal app.","labels":["security","research"],"sourceUrl":"https://embracethered.com/blog/posts/2026/macos-terminal-dillma-dns-exfil-ansi-escape-code-fix/","publishedAt":"2026-07-16T09:13:18.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Apple"],"affectedVendorsRaw":["Apple","macOS Terminal"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-16T09:13:18.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}