A critical design quirk in macOS Terminal has been addressed by Apple, closing a vector that allowed attackers to perform unauthorized DNS data transfers simply by manipulating text output. Known via the "Terminal DiLLMa" research, this technique leveraged ANSI escape codes to force the Terminal application to initiate DNS requests.
For defenders, this highlights the evolving risk of "client-side" data exfiltration where the mere rendering of a text file—such as a log file or script output containing malicious payloads—can trigger network activity. While Apple has issued a fix, unpatched systems remain susceptible to data theft and command-and-control (C2) communications that bypass traditional outbound firewall rules focused on standard application protocols.
Technical Analysis
Affected Products and Platforms
- Platform: macOS (Intel and Apple Silicon)
- Application: Terminal.app (default terminal emulator)
The Vulnerability: ANSI Escape Code Abuse The core issue lies in how the macOS Terminal parses specific ANSI escape sequences. Specifically, certain sequences (often Operating System Command or OSC sequences) can be crafted to instruct the Terminal emulator to perform actions beyond simple text formatting. In this case, the sequences were manipulated to trigger DNS resolution.
Attack Chain
- Payload Delivery: An attacker places a malicious string (containing the specific ANSI escape codes) into a file accessible to the victim (e.g., a downloaded script, a log file in a shared directory, or output from a compromised application).
- Visualization Trigger: The victim uses
cat,less, or simply opens the file in the macOS Terminal. The terminal emulator parses the escape codes to render the text. - Unauthorized Network Action: Upon parsing the malicious sequence, the Terminal application itself initiates a DNS request to a domain controlled by the attacker.
- Exfiltration: By embedding data into the subdomain (e.g.,
exfiltrated-data.attacker.com), the attacker can transmit sensitive information out of the restricted environment via DNS queries, which are often permitted through firewalls.
Exploitation Status
- Status: Patched by Apple.
- In-the-Wild: Demonstrated via Proof-of-Concept (PoC) in the "Terminal DiLLMa" research.
- CVE: No CVE identifier was published in the vendor advisory accompanying this fix; the remediation is tied to general macOS OS updates.
Detection & Response
SIGMA Rules
---
title: Potential macOS Terminal DNS Exfiltration via ANSI Codes
id: 8a4d2e1f-9c3b-4a5e-8f1d-2c3b4a5d6e7f
status: experimental
description: Detects macOS Terminal.app initiating DNS requests on port 53, which may indicate exploitation of ANSI escape code exfiltration techniques.
author: Security Arsenal
date: 2026/04/06
references:
- https://embracethered.com/blog/posts/2026/macos-terminal-dillma-dns-exfil-ansi-escape-code-fix/
tags:
- attack.exfiltration
- attack.t1048.001
logsource:
category: network_connection
product: macos
detection:
selection:
Image|endswith: '/Terminal'
DestinationPort: 53
filter_legit:
DestinationIp|startswith:
- '127.'
- '192.168.'
- '10.'
- '172.16.'
condition: selection and not filter_legit
falsepositives:
- Legitimate DNS lookups performed by user commands inside Terminal (nslookup, dig) - Note: This rule targets the Terminal binary itself connecting, not child processes.
level: high
---
title: macOS Files Containing Suspicious ANSI Escape Sequences
id: 1b5e3f2a-0d4c-4e9a-8b2c-3d4e5f6a7b8c
status: experimental
description: Detects files containing OSC-8 or other ANSI escape sequences often used to trigger terminal behavior, potentially indicative of DiLLMa payload staging.
author: Security Arsenal
date: 2026/04/06
tags:
- attack.initial_access
- attack.t1190
logsource:
product: macos
category: file_event
detection:
selection:
TargetFilename|contains:
- '.txt'
- '.sh'
- '.log'
condition: selection
# Note: Content inspection requires EDR capable of scanning file data.
# This rule placeholder assumes the EDR logs file creation events where content analysis is possible or metadata indicates anomalies.
# In practice, use VQL for content scanning.
falsepositives:
- Legitimate files with colored output formatting
level: low
KQL (Microsoft Sentinel / Defender)
// Hunt for macOS Terminal initiating DNS connections (Potential Exfil)
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where OSPlatform == "MacOS"
| where InitiatingProcessFileName == "Terminal"
| where RemotePort == 53
| where not(IPv4IsInSubnet(RemoteIP, "10.0.0.0/8") or
IPv4IsInSubnet(RemoteIP, "172.16.0.0/12") or
IPv4IsInSubnet(RemoteIP, "192.168.0.0/16") or
IPv4IsInSubnet(RemoteIP, "127.0.0.0/8"))
| project Timestamp, DeviceName, InitiatingProcessAccountName, RemoteIP, RemoteUrl, RemotePort
| summarize Count = count() by DeviceName, RemoteUrl, bin(Timestamp, 5m)
| order by Count desc
Velociraptor VQL
-- Hunt for files containing specific ANSI escape sequences (OSC 8 links)
-- that could be used to trigger DNS requests in macOS Terminal
SELECT FullPath, Size, Mtime
FROM glob(globs='/*/*.txt', root='/')
WHERE
read_file(filename=FullPath, length=10000) =~ '\x1b\\]8;;'
OR read_file(filename=FullPath, length=10000) =~ '\x1b\\]5;'
-- Supplemental: Check for running Terminal processes making unusual connections
SELECT Pid, Name, Exe, Cmdline
FROM pslist()
WHERE Name =~ 'Terminal'
Remediation Script (Bash)
#!/bin/bash
# Script to verify macOS patch level for Terminal DNS Exfil fix
# Note: Check specific Apple Security Release documentation for the exact build number
# corresponding to the fix for 'Terminal DiLLMa' / ANSI DNS exfiltration.
echo "Checking macOS Version and Patch Status..."
# Get current OS version
os_version=$(sw_vers -productVersion)
build_version=$(sw_vers -buildVersion)
echo "Current macOS Version: $os_version (Build: $build_version)"
# Logic placeholder: Compare against known patched versions.
# Since CVEs are not used in this update, we rely on the release date of the fix (2026).
# Ensure the system is updated to the latest 2026 security release.
echo ""
echo "Action Required:"
echo "1. Navigate to System Settings > General > Software Update."
echo "2. Install all available macOS updates."
echo "3. Restart the machine to apply patches to Terminal.app."
echo "Verifying if softwareupdate tool reports available updates..."
softwareupdate -l
Remediation
1. Patch Management The primary remediation for this issue is applying the latest macOS security updates released by Apple in 2026. Apple has modified the behavior of the Terminal application to prevent the automatic processing of these specific DNS-triggering escape sequences.
- Action: Update all macOS endpoints to the latest macOS release.
- Verification: Ensure
System Settings > General > Software Updateshows "Up to date" referencing the latest 2026 security patches.
2. Network Monitoring (Defense in Depth) Even with the patch, DNS-based exfiltration remains a high-risk vector for other techniques.
- DNS Filtering: Implement DNS filtering (RPZ) to block requests to known malicious domains and newly registered domains.
- Traffic Analysis: Monitor for high volumes of DNS requests originating from single endpoints, especially requests with long hostname strings (characteristic of data tunneling).
3. User Awareness
Educate developers and power users about the risks of cat-ing unknown files in the terminal. While the patch fixes this specific vector, the underlying concept of "Terminal visual execution" attacks persists in other contexts.
Related Resources
Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub
Is your security operations ready?
Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.