Fake Apple macOS or iOS Software Update Scam
Malicious websites or pop-ups claim a critical Apple software update is required and prompt users to download a file that installs malware, credential-stealing software, or a fake antivirus on their Mac or iPhone.
Part of: Fake Software Update Scams
Last reviewed: 7 June 2026
Apple regularly releases software updates for macOS and iOS that include important security patches — and Apple communicates the importance of keeping devices updated. Scammers mimic both the look of Apple's system notifications and Apple's update-promotion web pages to trick users into downloading malicious software.
The attack targets Mac users more frequently than iPhone users, because iPhones only install apps from the App Store while Macs can run files downloaded from anywhere. However, iPhone users can be targeted via browser-based social engineering that steals credentials without requiring a download.
A convincing fake 'Your macOS is out of date' pop-up can lead to the installation of adware, spyware, or password-harvesting tools under the guise of a legitimate Apple update.
How this scam works on the Apple brand
Apple delivers genuine macOS updates exclusively through System Settings (or System Preferences on older macOS) under Software Update — never through a browser pop-up or a downloaded installer file from a website. iOS updates are delivered through Settings > General > Software Update. Apple's update pages at apple.com/macos describe updates but link to the built-in update mechanism, not to standalone download files.
Fake update pop-ups appear on malicious or compromised websites, mimicking the Apple system-dialog visual style with the Apple logo, macOS typography, and a progress indicator. They offer a 'Download Update' button that delivers a DMG or PKG installer. Once opened, the installer may request administrator credentials to 'install the update', at which point it deploys malware.
Some campaigns deliver a fake 'Flash Player Update Required' or 'Browser Plugin Update' using Apple's design language, targeting users who associate those prompt styles with Apple's own software.
Common red flags
- A browser webpage or pop-up tells you a critical Apple software update is required — genuine Apple updates come through System Settings, not browsers
- You are prompted to download a DMG or PKG file from a non-apple.com domain to update your Mac
- The 'update' installer asks for your macOS administrator password
- The pop-up appears on a site unrelated to Apple (a torrent site, a news site, etc.)
- The alert claims your Mac is infected and the update will 'fix' the security issue
- The downloaded file name contains generic terms like 'MacUpdater', 'AdobeFlash', or 'SafeInstaller'
How to protect yourself
- Update macOS only through System Settings > General > Software Update, and iOS through Settings > General > Software Update
- Never download software installers from browser pop-ups, even if they look like Apple system dialogs
- Enable Gatekeeper on your Mac: System Settings > Privacy and Security ensures only App Store and notarised apps can run
- Do not enter your Mac administrator password for any software that was not obtained from the Mac App Store or apple.com directly
- Use macOS's built-in malware protection (XProtect and MRT) which updates silently in the background
How to report it
- Report the malicious website to [email protected] with the URL
- Report to the FTC at reportfraud.ftc.gov (US) or Action Fraud actionfraud.police.uk (UK)
- Submit the malicious URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish
- If malware was installed, consider contacting a reputable IT security professional for remediation
Frequently asked questions
Can a real Apple update notification appear in a web browser?
No. Apple delivers macOS and iOS updates through the device's own Settings or System Settings app — not through browser windows. A browser alert claiming an Apple update is required is not a genuine Apple notification.
What should I do if I already installed something from a fake Apple update pop-up?
Open Activity Monitor (Applications > Utilities > Activity Monitor) and look for unfamiliar processes. Navigate to System Settings > Login Items to check for software set to run at startup. Use a trusted security tool to scan for adware. Change your Mac administrator password and any passwords you entered during the fake installation.
Does Apple ever show security warnings in a browser tab?
No. Apple's built-in security notifications for macOS and iOS appear as system-level dialogs, not browser windows. Safari may show a 'fraudulent website' warning for known phishing sites, but that is Apple protecting you from a dangerous page — it is not Apple asking you to download anything.