Apple recently updated XProtect, the software built into macOS that protects the operating system from viruses and malware. The update, version 2166, was issued on February 22, and was installed automatically, which is the usual procedure for XProtect.
A recent blog post by Howard Oakley points to the new version, and although Apple has not issued security notes about the update, Oakley says that XProtect has been updated in the bag Yara definitions for two exploits, MACOS.KEYSTEAL.A and HONKBOX_A, B, and C. Oakley also says that Apple often confuses the identities of exploits in its definitions, but this time Apple used their recognized names.
To see if the update has been installed on your Mac, you can use the System Information app located in Applications > Utilities. Once you launch the app, look for the Software section in the left column, and click on Installations. In the main section of the window, a list will appear, and if it is sorted by Software Name, you can click the header to reverse the list (or scroll down) to see the entry for “XProtectPlistConfigData”. The update is version 2166, and is available for macOS versions starting with El Capitan.
The update should be installed automatically, buy you can force the installation by using one of the tools made by Oakley: SilentKnight, which checks if the macOS security is updated, or LockRattler, which checks whether basic macOS security functions are working. These free utilities can be downloaded from the Oakley website.
Be sure to check out Oakley’s blog, which is a wonderful mix of technical Mac articles and posts about painting. Oakley is a longtime Mac developer who has written many great Mac tools.