Apple has pushed an update to XProtect

Apple has pushed an update for XProtect, bringing its version number to 2118, dated 8 April 2020. This is an unusual out-of-cycle update whose sole purpose seems to be to update the large and mysterious collection of signatures in LegacyEntitlementAllowList.plist.

Apple doesn’t release information about what these updates add or change, and now obfuscates the identities of malware detected by XProtect using internal code names. This update doesn’t appear to bring any changes to the detection signatures for XProtect, but almost all of the signatures (cdhashes) in the recently introduced LegacyEntitlementAllowList.plist have changed, and four new entries have been added to the end.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight,