Apple has released an update to XProtect Remediator (21-February-2024)

XProtect (XProtectPlistConfigData) remains at version 2186 as of 19-February-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 126 as of 21-February-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has released an update to XProtect and Yara definitions (27-February-2024)

XProtect (XProtectPlistConfigData) has been updated to 2187 as of 27-February-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 126 since 21-February-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator and Yara definitions (05-March-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2188 as of 05-March-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 128 as of 05-March-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, and Yara definitions (12-March-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2189 as of 12-March-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 128 as of 05-March-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator, and YARA rulesets have been amended (19-March-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2190 as of 19-March-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 129 as of 19-March-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, and YARA rulesets have been amended (26-March-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2191 as of 26-March-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 129 as of 19-March-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect Remediator, and a Bastion rule has been added. (02-April-2024)

XProtect (XProtectPlistConfigData) remains at version 2191 as of 26-March-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 130 as of 02-April-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator, YARA definitions, and Bastion rules. (23-April-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2192 as of 23-April-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 131 as of 23-April-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator, and YARA definitions. (30-April-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2193 as of 30-April-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 132 as of 30-April-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released an update to XProtect Remediator. (02-May-2024)

XProtect (XProtectPlistConfigData) remains at version 2193 as of 30-April-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 133 as of 02-May-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

NOTE: Incorporates changes in the detection of Pirrit malware that often give false positives with components in Xcode, and with some third-party security software.

Additional Reference: macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released an update to XProtect and YARA definitions. (07-May-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2194 as of 07-May-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 133 as of 02-May-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator, and Yara definitions. (28-May-2024)

XProtect (XProtectPlistConfigData) has been updated to version 2195 as of 28-May-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 135 as of 28-May-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator, and Bastion rules. (18-June-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5268 as of 18-June-2024. Yes, a change to the numbering.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 137 as of 18-June-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

What do XProtect BehaviourService and Bastion rules do?

Not content with two different XProtects, Apple added a third to macOS Ventura, XProtect BehaviorService (XBS), part of the new Bastion behavioural-based malware detection system. Rather than performing on-demand or periodic scans of static code, this watches for potentially malicious behaviours, such as attempts to access folders used by browsers such as Safari and Google Chrome. This article summarises what XBS is doing as we prepare to upgrade from Sonoma to Sequoia.

What they do

Apple tells us precious little about XBS and Bastion, mentioning them in its Platform Security Guide:

“In addition, XProtect contains an advanced engine to detect unknown malware based on behavioral analysis. Information about malware detected by this engine, including what software was ultimately responsible for downloading it, is used to improve XProtect signatures and macOS security.”

At present, XBS and Bastion only record suspicious events in the XBS database at /var/protected/xprotect/XPdb, report them to Apple, but don’t attempt to intervene in any way. They determine what to report according to a set of rules applied by syspolicyd that are compiled from source files updated inside XProtect Remediator update bundles. Changes in those, in XPR’s scanning modules, and in XProtect’s detection signatures, are reported on this blog for each update released by Apple.

Development

Over the period since its introduction, Bastion rules have grown steadily, from four to 12:

- In macOS 13.5 (24 July 2023) there were 4 rules, increasing to 5 in September 2023.
- XProtect Remediator (XPR) 108 (8 August 2023) brought the first separate Bastion rule update.
- XPR 112 added rules 6 and 7.
- XPR 123 added rules 8 and 9, and adjusted rule 7.
- XPR 130 added rule 10.
- XPR 131 added rule 11.
- XPR 137 added rule 12, and amended rules 6 and 7.

Updates provided in XProtect Remediator contain two files for XBS and Bastion:

- bastion.sb, a text file containing the latest Bastion SystemPolicyConfiguration, its rules;
- BastionMeta.plist, a property list defining behaviour dictionaries for XBS and Bastion.

Bastion rules

The Bastion SystemPolicyConfiguration file bastion.sb is prefaced with the line (version 3), which hasn’t changed since the first update. This first defines four groups of processes: usual-offenders, common exceptions to several rules, and separate groups of exceptions to each of Bastion rules 1, 2, 3 and 12. For example, com.apple.mds and other Spotlight indexing processes are usual-offenders, while com.apple.Finder is only a rule-one-offender. Interestingly, three of the XProtect Remediator scanning modules (MRTv3, Pirrit and WaterNet) are included in the list of usual-offenders.

Using those lists of exceptions, Bastion rules are then built as filters:

1. excludes other processes from accessing private data for Google Chrome, Firefox and Safari;
2. excludes other processes from accessing private data for Messages, Microsoft Teams, Slack and WhatsApp;
3. excludes other processes from accessing the QuarantineEvents database;
4. controls access to two socket ioctl commands SIOCIFCREATE and SIOCGIFDESC;
5. controls access to writing files with a period/stop at the start of their name within Library/PrivilegedHelperTools/ directories.
6. controls creating or writing to files with a name starting with com within /Library/Application Support/
7. controls creating or writing to files with a name starting with com within /Library/Application Support/ and user /Library/Application Support/ directories
8. controls creating or writing to files with a name starting with a period/stop, other than .DS_Store, in user /Library/Application Support/ directories
9. excludes other processes from creating or writing to files in user /Library/Containers/com.apple.Safari/Data/Library/Safari/AppExtensions/ directories
10. controls creating or writing to files with a name starting with a period/stop, other than .DS_Store, .betamigrated and .localized, in the /Users/Shared/ directory
11. controls execution of processes from files with a name starting with a period/stop in the /Users/Shared/ directory
12. excludes other processes from accessing private data for Notes, Safari Cookies, Chrome, Brave, Microsoft Edge, Opera, Vivaldi, Firefox, Arc, other cookies, Electrum and Coinomi wallets, Exodus, atomic, Binance, Filezilla, Steam and Discord.

The updated bastion.sb file supplied in XPR updates is explicitly referenced by syspolicyd to replace the version embedded in its own code.

BastionMeta.plist

This property list contains a metadata dictionary of 12 behaviours, each correlating with a Bastion rule. Each has a Signature Name, such as macOS.NetworkSniffer.Generic, a Boolean value indicating the need for immediate reporting, and a binary flag ranging from 1 to 2048. The behaviours are named:

- Browser
- Messages
- QntDb
- NetworkSniffer
- HiddenPrivilegedHelpers
- ADLOAD NumericPath
- ADLOAD PersistenceSearch
- Persistence HiddenAppSupport
- Safari ExtensionModification
- Persistence HiddenShared Generic
- Persistence HiddenShared Exec
- InfoStealers.

Behaviours detected

Individual rules currently detect:

1. attempts to access private browser data
2. attempts to access private messaging data
3. attempts to access quarantine records
4. attempts to perform network packet sniffing
5. attempts to write to hidden privileged helper apps
6. Adload behaviours
7. Adload persistence behaviours
8. persistence behaviour using hidden files in user /Library/Application Support/ directories
9. attempts to create and use Safari extensions
10. persistence behaviour using hidden files in /Users/Shared/
11. persistence behaviour running hidden files in /Users/Shared/
12. attempts by an InfoStealer to access a wide range of private data.

Summary

- In macOS Ventura and later, XProtect BehaviorService (XBS) and its Bastion rules detect suspicious behaviours that might reflect malicious activity.
- Bastion rules are updated within XProtect Remediator updates, using two files bastion.sb and BastionMeta.plist.
- There are currently 12 Bastion rules, covering generic behaviours such as accessing private data, to those indicative of Adload and InfoStealer malware.
- Suspicious behaviour is recorded locally to the XBS database and reported to Apple, but isn’t notified to the user.
- Currently, the primary purpose of XBS and Bastion is to provide Apple’s security team with intelligence to improve protection provided by XProtect and XProtect Remediator.

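XBS only records and reports, so the hidden-file patterns named in the Bastion rules above can also be checked on disk by an administrator. The script below is an added example, not Apple's code and not part of the quoted article; the tag names, the choice to look only at direct children of each directory, and the `--hunt` switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: list hidden (dot-prefixed) files in the locations named by the
# Bastion rules quoted above. Tags and the depth limit are this example's choices.

# scan_dir TAG DIR [EXEMPT_NAME...]
# Prints "TAG<tab>x|-<tab>PATH" for every dot-file directly inside DIR whose
# name is not in the exempt list. "x" marks a file with an execute bit set.
scan_dir() {
    tag=$1; dir=$2; shift 2
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -type f -name '.*' 2>/dev/null | sort |
    while IFS= read -r f; do
        base=${f##*/}
        for ok in "$@"; do
            if [ "$base" = "$ok" ]; then continue 2; fi   # exempt: next file
        done
        if [ -x "$f" ]; then mode=x; else mode=-; fi
        printf '%s\t%s\t%s\n' "$tag" "$mode" "$f"
    done
    return 0
}

# hunt ROOT
# ROOT is "" for the live system, or the mount point of a collected image.
hunt() {
    root=${1:-}
    # Dot-files in Library/PrivilegedHelperTools/ (system and per-user).
    for lib in "$root/Library" "$root"/Users/*/Library; do
        scan_dir hidden-privileged-helper "$lib/PrivilegedHelperTools"
    done
    # Dot-files other than .DS_Store in each user's Library/Application Support/.
    for lib in "$root"/Users/*/Library; do
        scan_dir hidden-app-support "$lib/Application Support" .DS_Store
    done
    # Dot-files in /Users/Shared/ other than the three names the rule exempts;
    # an "x" here also matches the rule about executing hidden files there.
    scan_dir hidden-users-shared "$root/Users/Shared" \
        .DS_Store .betamigrated .localized
}

# Scan the live system only when asked: sudo sh bastion_hunt.sh --hunt
if [ "${1:-}" = "--hunt" ]; then hunt ""; fi
```

Running it with sudo lets it read every user's Library. A hit is a lead for review, since legitimate software also creates dot-files in these directories.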
Apple has just released updates to XProtect, XProtect Remediator and Yara definitions. (09-July-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5269 as of 09-July-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 139 as of 09-July-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator and Yara definitions. (23-July-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5270 as of 23-July-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 140 as of 23-July-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect, XProtect Remediator and Yara definitions. (06-August-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5271 as of 06-August-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 141 as of 06-August-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Note that xprotect updates in macOS Sequoia (currently in beta) are reportedly delivered differently, likely via CloudKit. A new xprotect command tool has entries in its man page/-h page. Findings/article by Howard Oakley, here: https://eclecticlight.co/2024/08/11/last-week-on-my-mac-what-is-happening-with-xprotect-updates/
Apple has just released updates to XProtect Remediator. (20-August-2024)

XProtect (XProtectPlistConfigData) remains at version 5271 as of 06-August-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 142 as of 20-August-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect and YARA definitions. (28-August-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5272 as of 28-August-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 142 as of 20-August-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data
% sudo xprotect update (macOS 15 Sequoia Beta)

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect Remediator. (03-September-2024)

XProtect (XProtectPlistConfigData) remains at version 5272 as of 28-August-2024.
XProtect Remediator (XPR) (XProtectPayloads) has been updated to version 145 as of 03-September-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data
% sudo xprotect update (macOS 15 Sequoia Beta)

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Apple has just released updates to XProtect and YARA definitions. (16-September-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5273 as of 16-September-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 145 as of 03-September-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data
% sudo xprotect update (macOS 15 Sequoia)

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

Note: Applies only to macOS 14 Sonoma and earlier.

Apple has just released updates to XProtect. (18-September-2024)

XProtect (XProtectPlistConfigData) has been updated to version 5274 as of 18-September-2024.
XProtect Remediator (XPR) (XProtectPayloads) remains at version 145 as of 03-September-2024.
The Malware Removal Tool (MRT) (MRTConfigData) remains at version 1.93 since 26-September-2023.

Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any of the above applicable pending software update(s):

% softwareupdate -ia --include-config-data

Versions Check:

% defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString; defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString

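The "Versions Check" repeated through this thread, turned into a pass/fail audit that can run across a fleet. This is an added example, not code from any post in the thread; the baselines are the newest versions quoted above for macOS 14 Sonoma and earlier, and the `sed` fallback for XML plists, the status words and the `--run` switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: pass/fail audit of the three versions this thread tracks.
CS=/Library/Apple/System/Library/CoreServices
# name:plist:baseline. Baselines are the newest versions quoted in this thread
# (18-September-2024, macOS 14 Sonoma and earlier); edit them as updates ship.
COMPONENTS="XProtect:$CS/XProtect.bundle/Contents/Info.plist:5274
XPR:$CS/XProtect.app/Contents/Info.plist:145
MRT:$CS/MRT.app/Contents/Info.plist:1.93"

# ver_ge A B: exit 0 if dotted-numeric A >= B, 1 if A < B, 2 if malformed.
# Fields are compared as integers, so 5268 > 2195 and 1.93 > 1.9.
ver_ge() (
    a=$1; b=$2
    case "$a" in ''|*[!0-9.]*|.*|*.|*..*) exit 2 ;; esac
    case "$b" in ''|*[!0-9.]*|.*|*.|*..*) exit 2 ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then exit 0; fi
        if [ "$x" -lt "$y" ]; then exit 1; fi
    done
    exit 0
)

# read_version PLIST: print CFBundleShortVersionString. Uses `defaults read`
# as in the thread; where `defaults` is absent (triage of copied files on
# another OS) it falls back to sed, which handles XML plists only.
read_version() {
    [ -r "$1" ] || return 1
    if command -v defaults >/dev/null 2>&1; then
        defaults read "$1" CFBundleShortVersionString 2>/dev/null
    else
        sed -n '/<key>CFBundleShortVersionString<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$1"
    fi
}

# check_component NAME PLIST BASELINE: print one status line.
# Returns 0 when current, 1 when stale or unparseable, 2 when missing.
check_component() {
    v=$(read_version "$2") || v=
    if [ -z "$v" ]; then
        echo "$1 MISSING $2"
        return 2
    fi
    if ver_ge "$v" "$3"; then
        echo "$1 OK $v (baseline $3)"
    else
        echo "$1 STALE $v (baseline $3)"
        return 1
    fi
}

# audit ROOT: check all components under ROOT ("" = live system).
# Returns non-zero if any component is stale or missing.
audit() {
    rc=0
    while IFS=: read -r name plist min; do
        check_component "$name" "$1$plist" "$min" || rc=1
    done <<EOF
$COMPONENTS
EOF
    return $rc
}

# Audit the live system only when asked: sh xprotect_audit.sh --run
if [ "${1:-}" = "--run" ]; then audit ""; fi
```

The non-zero exit status on a stale or missing component makes the script usable as a compliance check in a management tool.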