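Looking for recommendations for a minimalist audio player, or how to customise one
Ideally it could easily be stretched into a long horizontal strip on screen, and let me jump quickly to a position in the audio track
In short, the simpler the better. Everything else can go (especially the blank video area), leaving the main area of the screen for other editing work
Advice on how to adjust the existing mpv/iina to achieve this would also do
Do the all-knowing V2EX folks have any recommendations or suggestions?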
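The Turkish-region Apple ID I've used myself for several years was recently locked and I can't sign in; in effect it's been banned.
I contacted technical support: they can't give the reason for the lock, can't unlock the account, and the balance (a few hundred yuan) can't be transferred out.
I complained to 12315, and the conclusion was still the same..
Feels a bit outrageous
I mainly used it for subscriptions, topping up with Turkish-region gift cards.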
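I've received the price increase email: 2T goes from 249.99->399.99. After the increase, is it no longer good value, and would it be better to go back to the China region?
I tried the 月刃 and the Razer 刺葵. Under Windows both reach a 250 Hz polling rate over Bluetooth. On the Mac, I'd seen a lot of people say it has been possible since macOS 14, and screenshots others posted really do show 250, but I tried both mice and it doesn't work, help, it's urgent. I'm on a MacBook M4, so it shouldn't be the hardware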
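I don't even know when it was leaked and fraudulently charged
I upgraded to V10 with JCB two years ago
JCB probably can't be bound to the Apple Store any more now
I even suspect it's auto-renewal
But I never turned on auto-renewal, and besides, my membership hasn't expired. I don't see any order in the Baidu Netdisk app either. An upgrade from v6 to v10 doesn't fit either. I don't have a v6 account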
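Heavily modified from someone else's script, but that was a while ago and I can't find the source any more. I've made sweeping changes to the styling and the usage logic.
Usage steps:
The result looks like this: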
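The replacement app I've written is called Raspberry. It's my solution to the lack of Launchpad in macOS 26.
From macOS 26 onwards, Launchpad becomes a completely new app, Apps. After that, Launchpad's familiar interface can no longer be seen in the system. Although Apps comes with its own app categories, it no longer supports custom groups. For users who need Launchpad's native interface and custom groups, this is undoubtedly bad news. As a result, many people have made Launchpad replacements, and Raspberry is one of them. It aims to restore Launchpad's basic functions while making up for, and even improving, the experience of some features. For example, compared with the native Launchpad, Raspberry offers a more flexible way of grouping through right-click, helping users organise and access apps efficiently and improving desktop management.
Although many launcher apps have manual grouping, for users moving over from earlier versions of macOS, migrating their existing group information is the real headache. Raspberry's migration feature can save the Launchpad groups from a system earlier than macOS 26 locally, and once the user has upgraded to macOS 26, opening Raspberry completes the migration automatically. (Note: this feature requires you to buy and install the paid version of Raspberry before upgrading, and to follow the steps correctly.) In addition, users can save their current group structure at any time, and can restore a previous save point whenever they like.
On first launch, Raspberry indexes the apps on the computer. This index isn't based on Spotlight, so even if the Spotlight index disappears, it is kept locally and isn't lost. As with all launchers, left-clicking an app's icon opens and runs that app. If you click a group, that group opens.
Beyond the basic left-click functions, Raspberry adds right-click functions on top of the native Launchpad: you can create a group for an app, add it to a group, move it from one group to another, move it back to the main screen, or move it to the Trash.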
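| | Free version | Paid version |
|---|---|---|
| Basic features | 1. Indexes all apps, with automatic updating for new apps 2. Launch apps 3. Right-click to group, add, remove and rename apps 4. Keyboard shortcuts for quick actions and sorting | 1. Indexes all apps, with automatic updating for new apps 2. Launch apps 3. Right-click to group, add, remove and rename apps 4. Keyboard shortcuts for quick actions and sorting |
| Advanced features | None | 5. Import existing Launchpad groups 6. Manually back up the current groups and restore them 7. Multi-language support (the free version has an English interface) |
| Price | Free | $3 (before 00:00 on 1 September 2025), $5 thereafter |
| Get it | Github Releases | Click to purchase |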
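The app is fully open source, and the code for both versions can be found on GitHub and run. Those who are able to can download it and run it themselves.
If you want to use the version I've compiled and signed directly: considering how hard some features were to build and the barrier to using them, I've split the compiled and signed build into a free version and a paid version. The free version suits ordinary users who don't need migration, and the paid version suits users who do.
If this app happens to be useful to you, consider using it to back up your Launchpad groups before upgrading to macOS 26, and then upgrade.
It's precisely because the official macOS release is just around the corner that I sped up my work and put a roughly complete version online. The app is still being iterated on. Because I've added some features to the native Launchpad and also removed some, the app in its current form still has some rough edges. If you have good suggestions, you're welcome to come and talk to me; I'll consider adding them and, within my abilities, make it fit previous usage habits better, so that upgrading macOS can be more "painless".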
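As in the title, is there any difference between the Hong Kong and Japanese versions of the s10? Thanks.
No wonder I gave away so many codes and the reviews didn't increase. Hilarious. 😹
Aihuishou probably won't take it either, right?
Background: https://v2ex.com/t/1042675?p=2#reply111
I posted in May last year, when I switched from an iPhone13pro max to a Redmi K70. It was great when I first used it, but after about half a year the phone got really laggy and uncomfortable to use, the quality of the apps was worrying, and the experience wasn't great. I switched back in March this year.
I think I'm now cured of Android, and I probably won't switch back to Android for the next few years.
Where's my Apple Intelligence? 😡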
Apple has just released its weekly update to XProtect for all supported versions of macOS, bringing it to version 5312. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds three new detection rules: MACOS.SOMA.AUENB augmenting rules for the Soma/Amos family, MACOS.DUBROBBER.CHBI for another Dubrobber variant, and MACOS.ODYSSEY.LELI for an additional Odyssey variant.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5312
This update has now been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5312 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update
As we near the end of Tahoe’s incubation period, and Apple’s engineers code its last fixes and tweaks ready for its launch in just a few weeks, I’d like to reflect on what macOS 26 has to offer beyond its marketing headlines.
While there are several worthwhile new features such as the Phone app, Magnifier, and live translation, there’s nothing to compare with the fundamental changes in recent versions of macOS that brought the SSV, Shortcuts, System Settings and Apple Intelligence. Instead Tahoe is overwhelmingly about its human interface.
Every new design of the Mac’s operating systems that I can recall has elicited outcry from many. Understandably, the majority almost invariably want constancy, the same Finder and app icons that we’ve become so familiar with. It’s only human. It’s also a sure route to what others will condemn as stale, as it hasn’t been refreshed for so many years.
Personally, I don’t like to see a design on my Mac. If I notice it, then it’s a distraction. I’d much prefer to have an interface as clean as the whistles of the late Classic Mac OS period: lean, purposeful and lacking in visual trickery or frippery. But I accept that, without all the adornments and animations, many today would wonder why their Mac needed a GPU. I confess that I was never a fan of the original Aqua interface either. Given that its declared goal was to “incorporate colour, depth, translucence, and complex textures into a visually appealing interface”, I wonder whether much the same could be said of Tahoe.
Perhaps the most striking feature of this redesign is its lack of contrast between elements and tools in window controls and their contents, whether its appearance is set to light or dark mode, or one of its new in-between variants. You can see this clearly in most screenshots of Tahoe, such as those posted by Apple, and as far as I can see it hasn’t improved during beta-testing. This is also universal, and isn’t confined to apps using the more novel SwiftUI, although I have to keep pinching my thigh to remind myself that SwiftUI is now six years old, only two years younger than APFS. The contrast in stability and maturity between the two couldn’t be greater.
You can of course ‘improve’ contrast by enabling Reduce Transparency in Accessibility settings, but in doing so you lose most if not all of Tahoe’s Liquid Glass effects, as they depend on the transparency you’ve just turned off.
Transparency is a good example of design being given priority over readability or content. Because the appearance of the upper layer containing controls or content depends on what is underneath, it’s down to chance whether the greyed text you’re struggling to read happens to be over a background that further reduces its contrast. In the worst case, you could find yourself having to move a window so you can read part of it clearly, not a sign of a good human interface.
My other major concern with Tahoe’s new look is that it seems not to recognise the differences between Macs, iPads and iPhones, in terms of displays, input controls, and apps. Rather than sameness, I’d much rather have consistency that recognises the difference between manipulating Xcode’s compound windows containing dense structured text on a 27-inch display, and checking a family photo filling the 6.1-inch display of an iPhone.
One of my favourite controls in macOS is the Combo Box, a versatile and elegant hybrid of the popup/dropdown/pulldown menu/button and a text entry box. I can’t recall seeing one used in iOS, as it would be clumsy and inappropriate. It’s well supported for macOS in AppKit but hasn’t yet been implemented in SwiftUI. If controls are going to be common across all Apple’s operating systems, then macOS is about to lose one of its best.
It seemed only appropriate that, in the weeks before Apple releases OS 26 across Macs and devices, Tim Cook should go to the White House to pay its corporate tribute in a block of materialised Liquid Glass mounted on pure bling. But the image that I keep thinking of in fear, is that of Elon Musk demonstrating the resilience of his Cybertruck’s window by throwing a metal ball at it, in November 2019. I just hope Tahoe’s Liquid Glass doesn’t go the same way.
Apple has just released urgent security updates to bring macOS Sequoia to 15.6.1, Sonoma to 14.7.8, and Ventura to 13.7.8.
Security release notes for these are already available, for 15.6.1, 14.7.8 and 13.7.8. Each refers to the same single vulnerability in ImageIO, which is apparently being exploited “in an extremely sophisticated attack against specific targeted individuals” using a crafted image file.
The download for 15.6.1 is about 1.56 GB for an Apple silicon Mac, and should be well under 1 GB for Intel. Time to update!
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5311. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds eight new detection rules, for MACOS.BANSHEE.MA, MACOS.BANSHEE.MA2, MACOS.SOMA.GEGO, MACOS.POSEIDON.B, MACOS.TIMELYTURTLE.FUNA, MACOS.TIMELYTURTLE, MACOS.TIMELYTURTLE.INDRBYSE and MACOS.TIMELYTURTLE.INDR. Banshee, Poseidon and TimelyTurtle are new names in XProtect’s Yara rules.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5311
This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5311 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5310. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds a single new detection rule for MACOS.SOMA.AUENA, further extending its coverage of Soma/Amos.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5310
This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5310 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update
Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5309, and to XProtect Remediator for all macOS from Catalina onwards, to version 153. As usual, Apple doesn’t release information about what security issues these updates might add or change.
Yara definitions in this version of XProtect add a single new detection rule for MACOS.SOMA.JUENB, part of the Soma/Amos family.
XProtect Remediator doesn’t change the list of scanner modules.
There are extensive changes to the Bastion rules, which add a new definition for common system binaries, extend Rule 1 coverage to include support folders for more browsers, tweak Rules 3 and 14-17, and add new Rules 18-24.
You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-153 and XProtectPlistConfigData_10_15-5309.
The XProtect update has already been released for Sequoia and Tahoe via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5304 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update
Since writing A brief history of local search, I have come across numerous patents awarded to Apple and its engineers for the innovations that have led to Spotlight. This more detailed account of the origins and history of Spotlight uses those primary sources to reconstruct as much as I can at present.
1990
ON Technology, Inc. released On Location, the first local search utility for Macs, a Desk Accessory anticipating many of the features to come in Spotlight 15 years later. This indexed text found in the data fork of files, using format-specific importer modules to access those written by Microsoft Word, WordPerfect, MacWrite and other apps of the day. Those files and their indexed contents were then fully searchable. This required System Software 6.0 or later, and a Mac with a hard disk and at least 1 MB of RAM. It was developed by Roy Groth, Rob Tsuk, Nancy Benovich, Paul Moody and Bill Woods.
1991
Version 2 of On Location was released. ON Technology was later acquired by Network Corporation, then by Symantec in 2003.
AppleSearch was released, and bundled in Workgroup Servers. This was based on a client-server system running over AppleShare networks. September’s release of System Software 7.5 introduced a local app Find File, written by Bill Monk.
Sherlock was released in Mac OS 8.5. This adopted a similar architecture to AppleSearch, using a local service that maintained indexes of file metadata and content, and a client app that passed queries to it. This included remote search of the web through plug-ins working with web search engines, as they became available.
Early patent applications were filed by Apple’s leading engineers who were working on Sherlock, including US Patent 6,466,901 B1 filed 30 November 1998 by Wayne Loofbourrow and David Cásseres, for a Multi-language document search and retrieval system.
Sherlock 2 was released in Mac OS 9.0. This apparently inspired developers at Karelia Software to produce Watson, ‘envisioned as Sherlock’s “companion” application, focusing on Web “services” rather than being a “search” tool like Sherlock.’
On 5 January, Yan Arrouye and Keith Mortensen filed what became Apple’s US Patent 6,847,959 B1 for a Universal Interface for Retrieval of Information in a Computer System. This describes the use of multiple plug-in modules for different kinds of search, in the way that was already being used in Sherlock. Drawings show that it was intended to be opened using an item on the right of the menu bar, there titled [GO-TO] rather than using the magnifying glass icon of Sherlock or Spotlight. This opened a search dialog resembling a prototype for Spotlight, and appears to have included ‘live’ search conducted as letters were typed in.
Karelia Software released Watson.
Mac OS X Jaguar brought Sherlock 3, which many considered had an uncanny resemblance to Watson. That resulted in acrimonious debate.
In preparation for the first Intel Macs, Mac OS X 10.4 Tiger, released in April 2005, introduced Spotlight as a replacement for Sherlock, which never ran on Intel Macs.
Initially, the Spotlight menu command dropped down a search panel as shown here, rather than opening a window as it does now.
On 4 August, John M Hörnkvist and others filed what became US Patent 7,783,589 B2 for Inverted Index Processing, for Apple. This was one of a series of related patents concerning Spotlight indexing. Just a week later, on 11 August, Matthew G Sachs and Jonathan A Sagotsky filed what became US Patent 7,698,328 B2 for User-Directed search refinement.
A Finder search window, precursor to the modern Find window, is shown in the lower left of this screenshot taken from Tiger in 2006.
Spotlight was improved in Mac OS 10.5 Leopard, in October. This extended its query language, and brought support for networked Macs that were using file sharing.
This shows a rather grander Finder search window from Mac OS X 10.5 Leopard in 2009.
Search attributes available for use in the search window are shown here in OS X 10.9 Mavericks, in 2014.
In OS X 10.10 Yosemite, released in October, web and local search were merged into ‘global’ Spotlight, the search window that opens using the Spotlight icon at the right end of the menu bar, accompanied by Spotlight Suggestions.
John M Hörnkvist and Gaurav Kapoor filed what was to become US Patent 10,885,039 B2 for Machine learning based search improvement, which appears to have been the foundation for Spotlight Suggestions, in turn becoming Siri Suggestions in macOS Sierra. Those were accompanied by remote data collection designed to preserve the relative anonymity of the user.
This shows a search in Global Spotlight in macOS 10.12 Sierra, in 2017.
Apple acquired Laserlike, Inc, whose technology (and further patents) has most probably been used to enhance Siri Suggestions. Laserlike had already filed for patents on query pattern matching in 2018.
I’m sure there’s a great deal more detail to add to this outline, and welcome any additional information, please.
4 August 2025: I’m very grateful to Joel for providing me with info and links for On Location, which I have incorporated above.
Plenty of great apps have been created using the Mac’s scripting languages, but commercial developers have largely relied on compiled languages used and supported by Apple for app and system development. Over the years those have included Object Pascal, C/C++, Objective-C and most recently Swift. This article provides a brief overview of how those changed.
Following Apple’s use of UCSD Pascal on Apple II computers, when the Lisa was being developed its primary language was Lisa Pascal. Apple was also working on the novel object-oriented language Smalltalk which originated in Xerox’s PARC in 1969, but its syntax was unfamiliar and performance was poor. Lisa Pascal was therefore developed into Clascal, dividing code into distinct interface and implementation sections, with classes, subclasses, methods and inheritance.
During the first couple of years, software for the Mac was thus developed using Clascal on Lisa systems.
In 1984-85, Larry Tesler and supporting engineers in Apple (including Barry Haynes, Ken Doyle and Larry Rosenstein) worked with Niklaus Wirth, the inventor of Pascal, to develop Clascal into Object Pascal, the primary language for Mac development. With this, they also developed the first version of the MacApp class library that provided a framework to support common application features including the Mac’s GUI.
These were released together in September 1986, in Macintosh Programmer’s Workshop (MPW), which was adopted as the standard development environment for the Mac, both in-house and for third-parties. At that time, the only compiled language supported by MPW was Object Pascal, and it wasn’t until the following summer that the first beta of its C/C++ compiler was released with MPW 2.0. That was developed by Greenhills, but Object Pascal remained the more widely used, particularly in combination with MacApp, also written in Object Pascal. Major developers including Adobe created early versions of their products using Object Pascal and MacApp, perhaps the most famous example being Adobe Photoshop.
At the same time, Think Technologies released the first popular third-party compiler, LightSpeed C, in 1986. This soon became THINK C, gained C++ support, was joined by THINK Pascal, and was bought by Symantec. Borland ported its Turbo Pascal to the Mac, where it adopted the extensions of Object Pascal, and eventually became the cross-platform Delphi in 1995.
With the release of System 7 in 1991, Apple abruptly switched from Object Pascal to C++, and MacApp 3.0 also changed language. Smaller developers who had extensive source in Object Pascal were far from happy, and in some cases successful products vanished from the market. Others were rescued when Metrowerks released a new integrated development environment for C/C++ as CodeWarrior at the end of 1993 or early 1994. This drew most who had been using THINK C, and MPW also went into decline. The decisive factor was CodeWarrior’s early support for Apple’s new PowerPC Macs. CodeWarrior’s C/C++ saw many Mac developers through that hardware transition until the release of Mac OS X in 2000-01.
With Mac OS X came its own primary development language Objective-C, and Apple’s new integrated development environment Project Builder, also derived from NeXTSTEP but written from scratch for the Mac. That was replaced by the first version of Xcode with Mac OS X 10.3 Panther in 2003.
This screenshot shows Xcode in 2015.
Objective-C had been one of the two object-oriented contenders to succeed C. The other, C++, had already become more widely adopted, and had been favoured by Apple for the previous decade. Although both claim C as their ancestor, there’s little in common between them, and in many respects Objective-C more closely resembles Smalltalk, rejected by Apple when developing the Lisa. Developers whose source code had started in Object Pascal and was then ported to C++, had another major task to convert that to Objective-C.
Originally designed and developed by Brad Cox and Tom Love during the early 1980s, Objective-C’s biggest success had been its selection as the primary development language for NeXTSTEP later that decade. When Apple adopted that as the foundation for Mac OS X, it was inevitable that the language should come with it.
In keeping with its track record, no sooner had Apple entered the 2010s than its engineers, under the lead of Chris Lattner, were working on the successor to Objective-C. Significant early collaborators included Doug Gregor, John McCall, Ted Kremenek and Joe Groff. A first beta-release was provided at WWDC in 2014, and since then Swift has been progressively replacing Objective-C as Apple’s primary development language.
Swift is described as being a multi-paradigm language, and over the course of the last 15 years it has assimilated and adopted almost every available programming paradigm, from classes and objects to protocols and declaratives. Although it’s still possible to write plain code that is understandable by someone with a grounding in C or Pascal, those who prefer to adopt almost any other paradigm can render their code nearly unintelligible to others. Differences between the current version 6.1.2 and version 1.0 from 2014 are huge.
From those early days, Swift has had an interactive mode, based on the ‘read-eval-print loop’ (REPL) popularised by Lisp. This versatility has been developed in Swift Playgrounds, both within Xcode and as a standalone app targeted at those of all ages learning to code for the first time.
As an introduction to Swift in education, this has been impressive, but it hasn’t proved a gateway for those who didn’t really want to learn how to use Xcode in the first place.
With the release of Swift 5.0 in February-March 2019, the language reached a major milestone of stability in its application binary interface (ABI). Prior to that, executable code built from Swift source had to be delivered with its own copy of Swift’s runtime libraries, amounting to over 11 MB for regular apps. Starting from the release of macOS 10.14.4, and Xcode 10.2, apps written in Swift 5.0 didn’t need those frameworks (except for compatibility when running on older macOS), as their ‘glue’ to macOS has since been delivered in the system. Later that year, module stability was added, to allow sharing of binary frameworks compatible with future versions of Swift.
This screenshot shows the Interface Builder feature in Xcode in 2024.
Although those have been primary development languages, Apple and third-parties have supported many others. Here’s a small personal sample.
In 1984, what was to become Macintosh Common Lisp (MCL) began development. It was released in 1987, initially as Coral Common Lisp (CCL), then Macintosh Allegro Common Lisp, and MCL. It moved on to Digitool in 1994 for PowerPC support, and was made open source in 2007. Unusually for what’s normally considered a specialist language, MCL was well integrated with Mac OS and its GUI.
After MCL drifted off into oblivion, LispWorks’ cross-platform implementation of ANSI Common Lisp took over, and remains thoroughly mature and productive, with extensive browsing facilities, debugging, and more.
An extraordinarily concise and powerful language, APL is also one of the oldest, having been defined in 1962 and first implemented a couple of years later. It uses Greek and special symbols in its own custom font, concatenating them into cryptic lines that make perl look verbose. Its last Mac implementation, MicroAPL’s APLX 5.1, was still able to run in El Capitan, but has sadly been abandoned. However, Dyalog APL remains actively developed, and even supports Apple silicon Macs. Other notable losses include Absoft, whose Fortran compilers were widely used on Macs from 1985, and shut down in 2022.
Microsoft’s Visual Studio Code, supporting more than thirty programming languages including JavaScript, C#, C++, and Java, was a latecomer to the Mac, and has most recently become VS Code.
Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5305. As usual, Apple doesn’t release information about what security issues this update might add or change.
This version adds a single new rule for MACOS.SOMA.JLEN, part of the Amos/Soma family of malware.
You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.
A full listing of security data file versions is given by SilentKnight and SystHist for El Capitan to Tahoe available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight or at the command line.
If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5305
This update has already been released for Sequoia via iCloud. If you want to check it manually, use the Terminal command
sudo xprotect check
then enter your admin password. If that returns version 5305 but your Mac still reports an older version is installed, you may be able to force the update using
sudo xprotect update
This week’s security data updates were quite a surprise. We’ve grown accustomed to Apple tweaking XProtect’s data most weeks, but this week was a bit different, and came with an update to XProtect Remediator as well, the first in four months. This article explores what they have brought.
Although this security data all goes under the name of XProtect, there are three different protection systems involved.
The traditional XProtect contains a set of ‘Yara’ rules used when performing Gatekeeper scans of new executable code, most notably when a quarantined app is first run, although recent macOS also runs XProtect checks on other occasions. Those rules are used to determine whether the code being scanned is known to be malicious, and if it’s found to be positive, macOS refuses to run that code and you’re told to trash the app.
XProtect Remediator only runs in Catalina and later, where it performs daily background scans to detect and remove software it believes to be malicious. It currently contains 24 separate scanning modules, each designed to detect and ‘remediate’ a different family of malware. Some of its modules also use the detection rules in traditional XProtect, so are improved by regular XProtect data updates. Surprisingly, if XProtect Remediator detects and removes malware, you aren’t notified, although that is recorded in the log and reported as an Endpoint Security event that can be detected by some third-party security software.
Inside the XProtect Remediator app are two files used by the third XProtect, which detects potentially malicious activity such as tampering with parts of a browser’s files. This is therefore referred to as XProtect Behavioural, or by the name it gives to the detection rules it uses, Bastion. Unlike the other two XProtects, this doesn’t rely on performing static checks, but is watching constantly for malicious activity. Although it records that in its local database, at present it doesn’t inform the user, but reports the activity to Apple, to help it acquire intelligence to improve the battle against malware.
XProtect version 5304, provided by Apple on 8 July, makes substantial changes to its Yara detection rules to add what appears to be a new family of malware, code-named Bonzai. New rules refer to five different forms, which are most likely to be different components in the same malware, or separate variants, named Bonanza, Barricade, Blaster, Bonder and Banana. It’s likely that independent security researchers will identify these in the coming days, but for the moment the public name of this malware isn’t known.
Looking through these new Yara rules, they look most likely to be for a ‘stealer’, a type of malware that’s currently prevalent, and steals your secrets to send them to a remote server. There are references to Chrome, Brave, Edge and Firefox extensions, and most interestingly some of the malware has been compiled from code written in the Go language, which is becoming popular in cross-platform malicious code.
The last times that Apple added detection rules as substantial as these were in XProtect version 5284 for Adload and Bundlore, and in 5269 for Dolittle, each being major threats.
Until now, the behavioural rules used by Bastion have evolved steadily, and the most rules added in one release has only been two, when XProtect Remediator version 123 came with rules 8 and 9, and changes to rule 7, back in January 2023. This update brings four new rules:
The first two may be intended to detect AppleScript being used to control those browsers, the Finder or to run scripts in Terminal. Rule 16 may also be related to Apple’s recent announcement on controlling access to the pasteboard in macOS 26. Rule 17 concerns settings files commonly used by command shells, readily seen if you reveal hidden files for your Home folder.
These may well be related to Bonzai, and enable Apple to get a better idea of what is going on out here in the wild, and focus its efforts in improving its detection.
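Because Bastion doesn't inform the user, you may want your own visibility of changes to the shell settings files that Rule 17 concerns. The following Python is an added example, not Apple's implementation and not code from this article: it baselines those files in a Home folder and reports later changes. The file names in SHELL_SETTINGS and the default baseline file name are assumptions, as Bastion's own watch list isn't given here.

```python
import hashlib
import json
import os
import stat
import sys
from pathlib import Path

# Assumed watch list of common zsh/bash/sh settings files; not Bastion's own list.
SHELL_SETTINGS = (
    ".zshenv", ".zprofile", ".zshrc", ".zlogin", ".zlogout",
    ".bash_profile", ".bash_login", ".bashrc", ".profile",
)


def snapshot(home):
    """Record permissions, link target and SHA-256 of each watched file in home."""
    records = {}
    for name in SHELL_SETTINGS:
        path = Path(home) / name
        try:
            info = path.lstat()  # lstat describes a symlink itself, not its target
        except FileNotFoundError:
            continue
        is_link = stat.S_ISLNK(info.st_mode)
        records[name] = {
            "mode": stat.S_IMODE(info.st_mode),
            # Dotfile managers often symlink these files, so a new target matters.
            "target": os.readlink(path) if is_link else None,
            # is_file() follows symlinks; a dangling link or directory gets no hash.
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()
            if path.is_file() else None,
        }
    return records


def compare(baseline, current):
    """Return sorted (file name, change) pairs between two snapshots."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append((name, "created"))
        elif new is None:
            findings.append((name, "deleted"))
        elif (old["sha256"], old["target"]) != (new["sha256"], new["target"]):
            findings.append((name, "content-changed"))
        elif old["mode"] != new["mode"]:
            findings.append((name, "mode-changed"))
    return findings


def save_baseline(records, baseline_file):
    """Write a snapshot as JSON so it can be compared on a later run."""
    Path(baseline_file).write_text(json.dumps(records, indent=2, sort_keys=True))


def load_baseline(baseline_file):
    """Read a snapshot previously written by save_baseline()."""
    return json.loads(Path(baseline_file).read_text())


if __name__ == "__main__":
    home = Path.home()
    # Hypothetical default location; keep the baseline somewhere the account
    # being monitored cannot rewrite if you rely on it.
    default = home / ".shell-settings-baseline.json"
    baseline_file = Path(sys.argv[1]) if len(sys.argv) > 1 else default
    if not baseline_file.exists():
        save_baseline(snapshot(home), baseline_file)
        print(f"Baseline written to {baseline_file}")
        sys.exit(0)
    changes = compare(load_baseline(baseline_file), snapshot(home))
    for name, change in changes:
        print(f"{change}: {home / name}")
    sys.exit(1 if changes else 0)
```

Run it once to create the baseline, then again after installing software or on a schedule; a non-zero exit status means at least one watched file was created, deleted or altered.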
Once samples of malware have been obtained, developing and testing new Yara rules to detect it is relatively quick, and often uses AI to accelerate the process. Writing a new scanning module for XProtect Remediator is more complicated, and takes more time. It may well be that an additional Bonzai scanner is already on its way, and might be delivered in a further update in the next couple of weeks, perhaps with some fine-tuning of the new Bastion rules. I’ll be keeping a lookout for those.
Above all, it will be interesting to see what changes are made in third-party security software, and how well those tackle what appears to be novel malware for macOS.