Apple has just released an update to XProtect for Sequoia
Apple has just released an update to XProtect for Sequoia only, bringing it to version 5275. As usual, Apple doesn’t release information about what security issues this update might add or change.
In accordance with changes brought in version 5274 for Sonoma and earlier, this new version replaces the previous rule for MACOS.449a7ed with a modified version for MACOS.BUNDLORE.KUDU.5, that for MACOS.e4644f7 with MACOS.BUNDLORE.KUDU.3, and that for MACOS.0e62876 with MACOS.BUNDLORE.WBTLS.
It also adds a Yara definition for MACOS.TAILGATOR.CT using the new format of rule, with each rule given a UUID and listing SHA256 hashes of file size, of which there are just 13.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5275.
So far, I have seen no sign of this update in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password.
I maintain a list of the current versions of security data files for Sequoia on this page.