Apple has released an update to XProtect for all macOS

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5287. As usual, Apple doesn’t release information about what security issues this update might add or change.

This version adds two new rules for MACOS.FLUFFYFERRET.CT and MACOS.TAILGATOR, together with a complete set of UUIDs for all existing rules.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5287.

Sequoia systems only

This update should also be available shortly for Sequoia via iCloud. If you want to check that manually, use the Terminal command
sudo xprotect check
then entering your admin password. If that returns version 5287 but your Mac still has an older version installed, you can force the update using
sudo xprotect update

This version is now available via Software Update, softwareupdate, or in SilentKnight as well. If your Mac is running Sequoia and you download it that way, rather than using iCloud, then once it’s installed you’ll need to run the update command for that to take correctly.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.