Apple recently updated XProtect, the software built into macOS that protects the operating system against viruses and malware. The update, version 2166, was released on February 22 and was installed automatically, which is how XProtect updates are normally delivered.
A recent blog post by Howard Oakley highlights the new release, and while Apple isn’t releasing security notes on the update, Oakley says XProtect has been updated with new YARA definitions for two exploits, MACOS.KEYSTEAL.A and HONKBOX_A, B, and C. Oakley also says that Apple usually masks the identity of exploits in its definitions, but this time Apple used their recognized names.
To see if the update has been installed on your Mac, you can use the System Information app found in Applications > Utilities. Once you launch the app, search for the Software section in the left column, and click Facilities. In the main section of the window, a list will appear, and if sorted by Software name, you can click on the header to reverse the list (or scroll down) to see the entry for “XProtectPlistConfigData”. The update is version 2166 and is available for macOS versions starting with El Capitan.
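The same check can be scripted from Terminal. The following is an added example, not code from the article or from Oakley's utilities: it reads the text output of `system_profiler SPInstallHistoryDataType` and reports the newest XProtectPlistConfigData version. The function names are hypothetical, the sample history is constructed, and the output layout (an entry name ending in a colon, followed by a `Version:` line) is an assumption.

```shell
# Added example (not from the article). Function names are hypothetical.
WANTED=2166   # XProtect data version named in the article

# Read `system_profiler SPInstallHistoryDataType` text output on stdin and
# print the highest Version found under an XProtectPlistConfigData entry.
# Assumed layout: "Name:" header line, then indented "Version: N" lines.
latest_xprotect_version() {
  awk '
    # A line ending in ":" starts a new entry; remember whether it is ours.
    /:[ \t]*$/ { in_entry = ($0 ~ /^[ \t]*XProtectPlistConfigData:[ \t]*$/); next }
    in_entry && $1 == "Version:" {
      v = $2 + 0
      if (v > max) max = v
      in_entry = 0
    }
    END { if (max == "") exit 1; print max }
  '
}

# Exit 0 if the newest recorded version is at least WANTED, 1 if older,
# 2 if the history holds no XProtectPlistConfigData entry at all.
xprotect_is_current() {
  have=$(latest_xprotect_version) || return 2
  [ "$have" -ge "$WANTED" ]
}

# Constructed sample of the install history, for running off a Mac.
sample_history() {
  cat <<'EOF'
        XProtectPlistConfigData:
          Version: 2165
          Source: Apple

        MRTConfigData:

          Version: 1.93

        XProtectPlistConfigData:

          Version: 2166
          Install Date: 2/23/23, 9:14 AM
EOF
}

# On a Mac, check the real history; elsewhere this step is skipped.
if command -v system_profiler >/dev/null 2>&1; then
  system_profiler SPInstallHistoryDataType | xprotect_is_current
  echo "xprotect_is_current exit status: $?"
fi
```

Taking the highest version rather than the first match matters because the install history lists every past XProtect data update, not only the current one.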
The update should install automatically, but you can force the installation using one of the utilities created by Oakley: SilentKnight, which checks if macOS security has been updated, or LockRattler, which checks if the basic macOS security functions are working. These free utilities can be downloaded from Oakley’s website.
Be sure to check out Oakley’s blog, which is a great mix of Mac tech articles and painting posts. Oakley is a longtime Mac developer who has written several excellent Mac utilities.