Describe the Bug
Error message : “Cursor” was not opened because it contains malware. This action did not harm your Mac.
Steps to Reproduce
Installed cursor using brew as following :
brew install --cask cursor
Restarted my Mac.
Completed setup of environment.
Above message pops up on my screen.
Expected Behavior
This message should not have been encountered. I tried proving Full Disk access to cursor but that too didn’t work.
Operating System
MacOS
Current Cursor Version (Menu → About Cursor → Copy)
Version: 1.2.4
VSCode Version: 1.99.3
Commit: a8e95743c5268be73767c46944a71f4465d05c90
Date: 2025-07-10T16:53:59.659Z
Electron: 34.5.1
Chromium: 132.0.6834.210
Node.js: 20.19.0
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.5.0
Does this stop you from using Cursor
No - Cursor works, but with this issue
Hey, this is quite a strange error, it might be related to the fact that Cursor was installed via homebrew. Try the following steps:
Method 1: Temporarily Disable Gatekeeper
# Disable protection
sudo spctl --master-disable
Open Cursor in the usual way
# IMPORTANT: Enable protection back
sudo spctl --master-enable
Method 2: Complete Attribute Removal (if the first didn’t help)
# Remove ALL security attributes
sudo xattr -rd com.apple.quarantine /Applications/Cursor.app
sudo xattr -cr /Applications/Cursor.app
# Add to exceptions
sudo spctl --add /Applications/Cursor.app
Additional:
- A restart may be required after executing the commands
- If these methods didn’t help, try reinstalling:
brew reinstall --cask cursor or download Cursor directly from our website:
It seems like a false positive after an XProtect database update from Apple. Thank you for reporting this.