Apple has stopped all XProtect updates for macOS Sonoma and earlier
macOS Sequoia 15.0 brings major change to the maintenance and updating of XProtect’s data. With the release of that new version of macOS, Apple has stopped providing any updates to XProtect data for previous versions of macOS, including the latest updates to Sonoma 14.7 and Ventura 13.7, also released yesterday.
Sequoia
If you have upgraded your Mac to Sequoia 15.0 or 15.1 beta, then it should be using XProtect data version 5273, released yesterday, 16 September 2024.
However, immediately after upgrading, the XProtect version may be given as 0, indicating that there’s no XProtect data installed at all. If that’s the case, or the version shown is 5272 or earlier, open Terminal and type in the following command:
sudo xprotect update
after which you’ll be prompted to enter your admin password. Once you do, the latest version of XProtect data should be obtained and installed correctly.
If you run SilentKnight after upgrading to Sequoia, it may find an XProtect data download waiting to be installed. If it does, install it. However, that doesn’t actually update the data used by this new version of XProtect. To complete that process, use the sudo xprotect update command in Terminal.
If you don’t use SilentKnight, you can check the current version of XProtect data being used with:
xprotect version
That should now return 5273. If it doesn’t, use the sudo xprotect update command to force an update.
Sonoma and all earlier macOS
With the release of Sequoia 15.0, Sonoma 14.7 and Ventura 13.7, Apple’s software update servers have stopped providing XProtect data updates to all versions of macOS prior to Sequoia. I have confirmed this in both Sonoma and Ventura. It’s not clear whether this is an error and Apple intends restoring XProtect updates in the future, or has simply stopped providing further updates.
The effect of this depends on the latest version of XProtect data installed on your Mac. If that’s 5272, then your Mac has the latest available without upgrading to Sequoia. If that’s any earlier version of XProtect, then there’s now no supported way for your Mac to be updated from that old version. As the XProtect bundle is located on the Data volume, you could try manually replacing the bundle (if you can get one for version 5272), but there’s no guarantee that will actually be used by XProtect, or make any difference to the protection it provides.
SilentKnight and Skint
The good news is that, if you use my free SilentKnight, and/or Skint, you should get the best information and help whichever version of macOS is running.
In anticipation of this, current versions of SilentKnight and Skint now report different versions for XProtect data depending on whether that Mac is running Sequoia or an earlier version of macOS. However, if the version found is earlier than 5273 (15.x) or 5272 (14.x and earlier), it will be reported as an issue. If Apple does restore XProtect data updates to macOS 14.x and earlier, then SilentKnight should be able to download and install them.
If your Mac is running Sequoia, SilentKnight can’t (yet) update XProtect data. To do that, you’ll need to run sudo xprotect update in Terminal.
Summary
The most recent version of XProtect data for Macs running Sonoma or earlier is 5272.
Currently, Apple’s update servers have stopped providing any updates to XProtect data for Sonoma and earlier.
Sequoia should be using XProtect data version 5273.
If your Mac is running Sequoia and has an older version, use the sudo xprotect update command to force an update.
