Apple updates XProtect and MRT

Apple has pushed a new update to XProtect, bringing the version to number 2159. This update is dated May 12, 2022. The last update for XProtect was on March 17, 2022.

Changes to this version of XProtect include the addition of three new rules:

• MACOS.e71e847: Prevents generic adware known by a few names - SearchProxy, Multiverze (Adload), Synataeb.
• MACOS.1940318: Has not been publicly identified as of yet.
• MACOS.275ff12: Prevents a variant of the adware dubbed Adload.

Apple has pushed new updates to both XProtect and the Malware Removal Tool, bringing the former to version number 2158; and the latter to version 1.91. Both updates are dated March 17, 2021.

Changes to this version of XProtect include the addition of two new rules:

• MACOS.22f03bb: Detects a new variant of the Zuru malware.
• MACOS.efb903b: Detects the Gimmick malware.

No additional data about the update to MRT is available at this time.

Today, Apple has pushed a new update to XProtect, bringing the version number to 2157. The update is dated March 3, 2022. Apple appears to have not released a version 20156, as the previous release was version 2155.

Apple introduced rule MACOS.e150543, which prevents variants of the adware FPlayer. The other updates to XProtect come to rule MACOS.1db9cfa and MACOS.6eaea4b. Both rules prevent the XCSSET malware, introduced in version 2142 and 2144 respectively. Both were last updated in version 2149 from June 28, 2021.

Apple updates both XProtect and MRT, bringing XProtect to version 2155 and MRT to version 1.88, respectively.

Apple has pushed new updates to both XProtect and Malware Removal Tool, bringing the former to version number 2155; and the latter to version 1.88. Both updates are dated August 23, 2021. Apple appears to have skipped MRT version 1.87.

The only new change to this version of XProtect is an update to rule MACOS.8032420, which prevents Genieo/MaxOfferDeal. The last update made to this rule was in version 2151 from September.

No additional data about the update to MRT is available at this time.

Today, Apple has pushed a new update to XProtect, bringing the version number to 2153; the update is dated January 26, 2021.

Apple expanded rule MACOS.9a3e9ed, which was initially introduced in version 2153 on December 16, 2021, to look for variants of the MacUpdater adware, also referred to as FireSearch.

Today, Apple has pushed a new update to XProtect, bringing the version number to 2153; the update is dated December 16, 2021.

Apple expanded rule MACOS.1db9cfa, which was initially introduced in version 2144 on April 15, 2021, to look for variants of the Bundlore adware. The other change to XProtect is the addition of a new rule, MACOS_9a3e9ed. This new addition prevents a type of adware known as MacUpdater, or its other name, FireSearch. Both of these have been known to be associated with the Genieo malware.

This is the first update to XProtect since September 24, 2021, when Apple released version 2151. There was never a public release of version 2152, and no update was made to Apple’s Malware Removal Tool (MRT) at this time.

Apple has pushed new updates to XProtect, bringing the version to number 2151. This update is dated for September 24, 2021.

Apple updated rule MACOS_8032420, which prevents variants of the adware dubbed Genieo (MaxOfferDeal). Apple improved coverage for this rule by adding a single line to the signature for MACOS_8032420. This rule was originally introduced in XProtect version 2123 and was last updated in version 2136.

These are the first updates made to XProtect since August 23, 2021.

Apple has pushed new updates to both XProtect and Malware Removal Tool, bringing the former to version number 2150; and the latter to version 1.82. Both updates are dated August 23, 2021.

Apple introduced rule MACOS.7c241b4, which prevents variants of the common adware dubbed Climpli (Adload). A related rule, MACOS.2afe6bd (Climpli/Adload), which was added in v2141, was also updated. Other updates to XProtect come to rule MACOS.f5d33c9 and MACOS.8a20735 (both Bundlore), which were previously named MACOS.ef3df25 and MACOS.a9ea9b4, respectively.

These are the first updates made to either XProtect or MRT since June 28, 2021.

No additional data about the update to MRT is available at this time.

Apple has pushed new updates to both XProtect and the Malware Removal Tool, bringing the former to version number 2149; and the latter to version 1.81. Both updates are dated June 28, 2021.

Apple introduced rule MACOS.54d6414, which prevents a variant of the Shlayer malware that is a dropper for the Bundlore adware. The other updates to XProtect come to rule MACOS.11eaac1 (VindInstaller.B) and the expansion of two rules that target the XCSSET malware - MACOS.1db9cfa and MACOS.6eaea4.

This is a continuation of Apple’s commitment to preventing XCSSET malware, which has continued to gain attention as it quickly adapts and changes.

Apple appeared to skip MRT 1.80, going straight to version 1.81. No additional data about the update to MRT is available at this time.

Jamf Protect is purpose-built to work with Apple’s native security tools, while also adding the capability of detecting and mitigating a wider range of known malware. Additionally, it provides alerting and reporting capabilities – including the identification of potential new threats — before new updates to XProtect and/or MRT may be available.