Apple has just released an update to XProtect Remediator

Apple has just released an update to XProtect Remediator security software for Macs running Catalina or later, bringing it to version 96.

Apple doesn’t release information about what security issues this update might add or change. However, it adds two new scanning modules, for malware identified as RankStank and RoachFlight.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Ventura available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

Those using Content Caching servers should find that this update installs correctly and without tears.

If you want to install this as a named update in SilentKnight, its label is XProtectPayloads_10_15-96.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.


It appears that Apple may have pulled this update, as of 28 April. Several of us who have installed it have seen what may be spurious reports of anomalies, although I’ve not seen any that are proper reports of detections or remediations. If you have installed it already, then check carefully using XProCheck whether a warning message is followed by NoThreatDetected or Success: if it is, then you can safely ignore reports of an anomalies. Only if XPR reports that it has detected and/or remediated malware should you suspect that it might have.

I suspect version 97 may be released later today to address these issues.