Apple recently updated XProtect, the software built into macOS that protects the operating system from viruses and malware. Update version 2166 was released on February 22nd and installed automatically, which is the usual method for XProtect.
A recent blog post by Howard Oakley mentions the new version, and while Apple doesn’t release a security note about the update, Oakley says that XProtect has been updated with new YARA definitions for two exploits, MACOS.KEYSTEAL.A and HONKBOX_A, B, and K. Oakley also says that Apple usually hides exploit IDs in its definitions, but this time Apple used their commonly recognized names.
To find out if the update has been installed on your Mac, you can use the System Information app found under Applications > Utilities. After launching the application, find the Software section in the left column and click on Settings. A list will appear in the main part of the window, and if it is sorted by Software name, you can click the column title to flip the list (or scroll down) to see the entry for “XProtectPlistConfigData”. Update version 2166 is available for versions of macOS starting with El Capitan.
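A command-line version of the same check, as an added example that is not from the original article or from Oakley's utilities: it reads install history in the layout assumed for `system_profiler SPInstallHistoryDataType` output and reports whether the newest XProtectPlistConfigData entry is at least 2166. The function names and the sample history are constructed for illustration.

```shell
# Added example: find the newest XProtectPlistConfigData version in install history.
# Assumed input layout: what `system_profiler SPInstallHistoryDataType` prints,
# i.e. an indented "Name:" header line followed by "Version: N" and other fields.

# Constructed sample (versions and dates are illustrative, not captured output).
sample_history() {
cat <<'EOF'
Installations:

    XProtectPlistConfigData:

      Version: 2165
      Source: Apple
      Install Date: 2/9/23, 9:14 AM

    MRTConfigData:

      Version: 1.93
      Source: Apple
      Install Date: 2/9/23, 9:14 AM

    XProtectPlistConfigData:

      Version: 2166
      Source: Apple
      Install Date: 2/22/23, 6:02 PM
EOF
}

# Read install history on stdin; print the highest XProtect version (nothing if absent).
latest_xprotect_version() {
  awk '
    /:[ \t]*$/ { in_entry = ($0 ~ /^[ \t]*XProtectPlistConfigData:[ \t]*$/); next }
    in_entry && $1 == "Version:" && $2 ~ /^[0-9]+$/ { if ($2 + 0 > max) max = $2 + 0 }
    END { if (max) print max }
  '
}

# Exit status: 0 = installed version >= $1, 1 = older, 2 = no XProtect entry found.
xprotect_at_least() {
  have=$(latest_xprotect_version)
  [ -n "$have" ] || return 2
  [ "$have" -ge "$1" ]
}

# On a Mac, read the real history; elsewhere fall back to the constructed sample.
hist=$(system_profiler SPInstallHistoryDataType 2>/dev/null || sample_history)
printf '%s\n' "$hist" | xprotect_at_least 2166 && echo "XProtect is at 2166 or later"
```

The distinct exit status for a missing entry lets a fleet check tell "never received any XProtect data update" apart from "received one, but it is older than 2166".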
The update should install automatically, but you can force it using one of the utilities created by Oakley: SilentKnight, which checks if macOS security has been updated, or LockRattler, which checks if basic macOS security features are working. These free utilities can be downloaded from Oakley’s website.
Be sure to check out Oakley’s blog, which is a terrific mix of Mac tech articles and painting posts. Oakley is a longtime Mac developer who has written some great Mac utilities.