Apple has pushed a security update to MRT, the macOS malware removal tool

Apple has just pushed an update to the macOS malware removal tool MRT, which brings it to version 1.32 (1.31 appears not to have been released). As usual, Apple doesn’t provide any information about this, but Patrick Wardle reports that this adds detections for two new items for which Apple give internal code names: OSX.4e36ae6 and OSX.127eaa6. These join the equally cryptic OSX.28a9883 which was added to 1.30.

No one seems to know what Apple is referring to, which is extremely unhelpful to everyone involved. macOS seems to be the only operating system for which the names of its malware are now strict secrets, presumably to obstruct third-party security researchers.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by LockRattler and SystHist for El Capitan, Sierra and High Sierra, available from Downloads above. If your Mac has not yet installed this update, you can force an update using LockRattler, or at the command line.

I maintain lists of the current versions of security data files for Sierra on this page, for High Sierra on this page, and for El Capitan on this page.