Apple has just released an update to XProtect Remediator security software (Catalina or later), bringing it to version 114, and to XProtect (for all macOS from El Capitan or so) bringing it to version 2173.

Apple doesn’t release information about what security issues these updates might add or change. However, XProtect’s Yara definitions add three new detection rules, for MACOS.SOMA.A, MACOS.SOMA.C and MACOS.ADLOAD.WSS, which presumably detects a variant of Adload malware. Thanks to Stuart Ashenbrenner for identifying the two variants of ‘Soma’ as what’s generally known as AtomicStealer. XProtect Remediator gains another scanning module for what Apple terms RedPine. There are no changes in the Bastion rules for the behavioural version of XProtect (Ventura and Sonoma only).

You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sonoma available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-114 and XProtectPlistConfigData_10_15-2173.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

Updated 2020 12 October 2023 with identification of SOMA.