Apple recently updated XProtect, the software built into macOS that protects the operating system from viruses and malware. The update, version 2166, was issued on February 22, and was installed automatically, which is the usual method for XProtect.
A recent blog post by Howard Oakley points out the new version, and although Apple doesn’t issue security notes about the update, Oakley says that XProtect was updated with new Yara definitions for two exploits, MACOS.KEYSTEAL.A and HONKBOX_A, B, and C. Oakley also says that Apple usually obfuscates the identities of the exploits in its definitions, but this time Apple used their recognized names.
To see if the update was installed on your Mac, you can use the System Information app that’s located in Applications > Utilities. Once you launch the app, look for the Software section in the left column, and click on Installations. In the main section of the window, a list will appear, and if it’s sorted by Software Name, you can click the header to reverse the list (or scroll to the bottom) to see the entry for “XProtectPlistConfigData”. The update is version 2166, and is available for versions of macOS starting with El Capitan.
Foundry
The update should install automatically, but you can force the installation by using one of the utilities Oakley has created: SilentKnight, which checks if macOS’s security has been updated, or LockRattler, which checks if macOS’s basic security functions are working. These free utilities can be downloaded from Oakley’s website.
Be sure to check out Oakley’s blog, which is a terrific mix of Mac technical articles and posts about painting. Oakley is a longtime Mac developer who has written several great Mac utilities.
Author: Roman Loyola, Senior Editor
Roman has covered technology since the early 1990s. His career started at MacUser, and he's worked for MacAddict, Mac|Life, and TechTV.