Apple has released an update to XProtect
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5285. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version changes its private rule to match Dylibs, adds a new rule for MACOS.RACINE.B, and modifies the existing rule for MACOS.BUNDLORE.MDPLST.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5285.
For Sequoia only: this update should be available shortly in iCloud for macOS 15.2. If you want to check that manually, use the Terminal command
sudo xprotect check
then entering your admin password. If that returns version 5285 but your Mac still has an older version installed, you can force the update using
sudo xprotect update
Sequoia 15.2 shouldn’t offer you this new version using Software Update, softwareupdate or in SilentKnight.
I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.
I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.
