Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5330, and to XProtect Remediator for all versions of macOS from Catalina onwards, bringing that to version 157. As usual, Apple doesn’t release information about what detections these updates add or change.
Yara definitions in this version of XProtect add two new detection rules for MACOS.BONZAI.RECO and MACOS.BONZAI.FAGOBNCO. The XPScripts.yr scripting rules make several amendments to the criteria for MACOS.OSASCRIPT.DUST.
XProtect Remediator doesn’t change the list of scanner modules.
The Bastion rules appear to correct a group of typos in the definition for bastion-common-system-binary, but don’t have any other changes.
You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist, for El Capitan to Tahoe, both available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-157 and XProtectPlistConfigData_10_15-5330.
Sequoia and Tahoe systems only
This XProtect update has not yet been released for Sequoia and Tahoe via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5330 but your Mac still reports that an older version is installed, you should be able to force the update using
sudo xprotect update
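If you would rather check the installed versions from a script than from System Information, the following is an added example, not code from this post, Apple or SilentKnight. It assumes the two bundles are at their usual locations, /Library/Apple/System/Library/CoreServices/XProtect.bundle (XProtect data) and /Library/Apple/System/Library/CoreServices/XProtect.app (XProtect Remediator), and that each bundle’s CFBundleShortVersionString is its version number. It compares those against 5330 and 157, and on Sequoia and Tahoe it then runs the `sudo xprotect check` and, if you pass `--update`, `sudo xprotect update` commands given above. When run on a system without those bundles it parses a constructed sample Info.plist instead, so you can see the parser work off a Mac.

```shell
#!/bin/sh
# Versions shipped by this update (from the post): XProtect 5330, XProtect Remediator 157.
EXPECTED_XPROTECT=5330
EXPECTED_REMEDIATOR=157

# Assumed bundle locations; each Info.plist's CFBundleShortVersionString is the version.
XPROTECT_PLIST="/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist"
REMEDIATOR_PLIST="/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist"

# Read CFBundleShortVersionString from an Info.plist. On macOS use `defaults read`, which
# also copes with binary plists; elsewhere fall back to grep/sed over an XML plist.
plist_version() {
  plist="$1"
  if command -v defaults >/dev/null 2>&1; then
    defaults read "$plist" CFBundleShortVersionString 2>/dev/null
  else
    grep -A1 '<key>CFBundleShortVersionString</key>' "$plist" \
      | sed -n 's/.*<string>\([^<]*\)<\/string>.*/\1/p' | head -n 1
  fi
}

# Classify an installed version against the expected one. Prints one word, always exits 0.
version_status() {
  installed="$1" expected="$2"
  case "$installed" in
    ''|*[!0-9]*) echo "unknown"; return 0 ;;
  esac
  if [ "$installed" -lt "$expected" ]; then echo "outdated"
  elif [ "$installed" -gt "$expected" ]; then echo "newer"
  else echo "current"; fi
}

# Report one component: name, installed version, expected version, status.
report() {
  name="$1" plist="$2" expected="$3"
  installed="$(plist_version "$plist")"
  printf '%-20s installed=%-6s expected=%-6s %s\n' \
    "$name" "${installed:-?}" "$expected" "$(version_status "$installed" "$expected")"
}

# Constructed sample Info.plist (not a real Apple file), one version behind this update.
sample_plist() {
  tmp="$(mktemp)"
  cat >"$tmp" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.XProtect</string>
    <key>CFBundleShortVersionString</key>
    <string>5329</string>
</dict>
</plist>
EOF
  echo "$tmp"
}

# Sequoia/Tahoe only: the xprotect tool from the post. `check` asks what is available;
# `update` (with --update) forces installation. Older macOS has no xprotect command.
xprotect_cli() {
  if ! command -v xprotect >/dev/null 2>&1; then
    echo "xprotect command not present (Sequoia/Tahoe only); use SilentKnight or wait for the update"
    return 0
  fi
  sudo xprotect check
  [ "$1" = "--update" ] && sudo xprotect update
  return 0
}

main() {
  if [ -f "$XPROTECT_PLIST" ] && [ -f "$REMEDIATOR_PLIST" ]; then
    report "XProtect" "$XPROTECT_PLIST" "$EXPECTED_XPROTECT"
    report "XProtect Remediator" "$REMEDIATOR_PLIST" "$EXPECTED_REMEDIATOR"
    xprotect_cli "${1:-}"
  else
    # Not a Mac: demonstrate the parser on the constructed sample only.
    sample="$(sample_plist)"
    report "XProtect (sample)" "$sample" "$EXPECTED_XPROTECT"
    rm -f "$sample"
  fi
}

main "$@"
```

Run it as `sh xprotect-check.sh` to see the report, or `sh xprotect-check.sh --update` on Sequoia or Tahoe to force the update after the check. Note that a Mac reporting an older version in System Information while `sudo xprotect check` returns 5330 is exactly the case the `--update` path is for.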
