macOS 15.2 Changes XProtect Update Mechanism
In the latest release of Sequoia, the traditional method of updating XProtect is no longer used. If `softwareupdate` were to download and install an update, then it will only end up in the traditional location, and `xprotect update` can’t use that to update the new location.
In normal use, this means that the user can’t update XProtect until that new version is made available from iCloud. This ensures that the only versions provided to Macs running 15.2 and later are those intended to be used in Sequoia, but it also means that any delay in providing those via iCloud will leave Macs without the latest update.
Apple has modified the `xprotect` command to provide one let-out, though: use `sudo xprotect update --prerelease` and it “will attempt to use a prerelease update, if available.”
Also confusing is that Apple never shows these updates in System Preferences > Software Update nor on the Apple Security Releases webpage (although they should be listed after installation in System Report > Software > Installations if you can locate that report on your Mac).
Apple provides so many services for different parts of macOS that it’s hard to keep track of them. If you want to see a short summary, this article lists all service connections for enterprise network administrators, although it doesn’t detail which services use which servers, for example referring to “macOS updates” in many entries.
Many of you seem surprised to learn that Sequoia’s new XProtect updates come from iCloud, although Apple has been using iCloud for similar purposes for at least the last five years.
Previously:
- macOS 15.2
- Mac App Impersonation
- How Ventura Checks the Security of Apps and Tools
- Secret Mac Security
- Active Mac Malware Scans
- XProtect Remediator