Apple has just released an update to XProtect
Apple has just released an update to XProtect for all versions of macOS from El Capitan to Sonoma, but not for Sequoia, bringing it to version 5274. Version 5273 was for Sequoia only.
Apple doesn’t release information about what security issues this update might add or change. This replaces the previous rule for MACOS.449a7ed with a modified version for MACOS.BUNDLORE.KUDU.5, that for MACOS.e4644f7 with MACOS.BUNDLORE.KUDU.3, and that for MACOS.0e62876 with MACOS.BUNDLORE.WBTLS. The new-format Yara rules that were added to 5273 for Sequoia don’t appear, suggesting that Yara rules have been forked, with one fork for Sonoma and earlier, the other for Sequoia only.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sonoma, available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5274.
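The same check as the Installations list in System Information can be scripted. This is an added example, not part of the original post or of SilentKnight; it assumes `system_profiler SPInstallHistoryDataType` prints each item name on its own line ending in a colon, followed by a `Version:` field, and the sample history inside it is constructed for illustration.

```shell
#!/bin/bash
# Added example: is the XProtect data version named in an update label installed?

# Label quoted in the post; the number after the final hyphen is the data version.
LABEL="XProtectPlistConfigData_10_15-5274"

label_version() { printf '%s\n' "${1##*-}"; }

# stdin: text output of `system_profiler SPInstallHistoryDataType`.
# Prints the highest version recorded for XProtectPlistConfigData items,
# or returns non-zero when the history has no such item.
latest_xprotect_version() {
  awk '
    /:[ \t]*$/ { in_item = ($0 ~ /XProtectPlistConfigData/); next }
    in_item && $1 == "Version:" { if ($2 + 0 > max) max = $2 + 0 }
    END { if (max > 0) print max; else exit 1 }
  '
}

# stdin: install history; $1: update label. Prints current, outdated or missing.
xprotect_status() {
  local want installed
  want=$(label_version "$1")
  installed=$(latest_xprotect_version) || { echo "missing"; return 0; }
  if [ "$installed" -ge "$want" ]; then
    echo "current"
  else
    echo "outdated ($installed < $want)"
  fi
}

# Constructed sample history (layout assumed), used when not running on macOS.
sample_history() {
  cat <<'EOF'
Installations:

    XProtectPlistConfigData:

      Version: 5272
      Source: Apple

    MRTConfigData:

      Version: 1.93
      Source: Apple

    XProtectPlistConfigData:

      Version: 5274
      Source: Apple
EOF
}

if [ "$(uname)" = "Darwin" ]; then
  system_profiler SPInstallHistoryDataType | xprotect_status "$LABEL"
else
  sample_history | xprotect_status "$LABEL"
fi
```

Taking the highest recorded version rather than the last entry avoids a false "outdated" result if the history isn't listed in date order.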
I have updated the reference pages here, which are accessed directly from LockRattler 4.2 and later using its Check blog button.
I maintain lists of the current versions of security data files for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.