Apple has upgraded its security software XProtect, it is now able to detect Windows files that can pose a threat to macOS users. An expert in the field of safety Patrick Wardle claims that the updated version of XProtect can detect files Windows Portable Executable (.PE).
Recall that XProtect is a protective system based on the use of signatures. It is connected with the built-in macOS antivirus Gatekeeper.
To protect and notify users of suspicious and malicious files Gatekeeper uses the file quarantine similar to that used in Windows.
If the anti-macOS detects a suspicious file, it verifies with the database of the XProtect signatures. While XProtect works on the basis of Yara rules and black lists.
Released recently update added XProtect base MACOS. d1e06b8 containing signatures of PE files. Wardle notes that the reason for this step was the Trojan Virus.MacOS.Winplyer —.EXE file designed to infect macOS computers.
Read more •••