Last week’s software updates don’t appear to have worked properly on some Macs which obtain their updates through a local Content Caching server. If you experienced errors when client Macs tried to install the XProtect 2162 and XProtect Remediator 71 updates pushed on 18 August, then you are among those affected. If you run a Content Caching server, I recommend that you check whether your Macs have updated correctly.
Although some have suffered other problems with Content Caching servers for longer, for many this problem first started to occur in early June 2022, when the XProtect update to version 2160 failed to install correctly on 9 June. This persisted until 4 August, when the update to XProtect Remediator version 68 did install correctly. During those two months, I filed a Feedback with Apple, and pursued it vigorously in articles here and in follow-up information supporting that Feedback. In late July, Apple informed me that the issue had been fixed, and that XProtect Remediator update on 4 August was the first test. I therefore closed that Feedback as fixed.
The next updates were released on 17 August, to Monterey 12.5.1, and 18 August, for XProtect and XProtect Remediator. While my Content Caching server worked fine for the macOS security update, the old problem returned with the two security data updates the following day. Just as before, the workaround was to temporarily disable the service, force the updates on other local Macs, then to enable Content Caching again.
This is a reversion to the behaviour of June and July, which can leave client Macs with old versions of macOS security data updates, which is a serious security problem. I have therefore filed a new Feedback with Apple, report FB11333839, and sent with that two sysdiagnoses, one taken from a client that failed to update from the server, the other covering the same period of time on the Content Caching server itself.
I think this may have brought us one step further in understanding where this bug is, as on this occasion one of the clients that failed to install the updates is running Ventura beta, which didn’t have the macOS 12.5.1 update. Possible points of failure are:
- the client Mac, failing to install the update;
- the Content Caching server, failing to deliver the update correctly to clients;
- the remote software update server, failing to deliver the update correctly to the local server.
We can therefore eliminate the client now. Although there’s no indication that such a limited macOS security update should have changed anything in the Content Caching server, only Apple knows whether that could have occurred. My suspicions, though, are that this is a problem being generated by Apple’s software update servers, as it’s confined to security data updates and doesn’t appear to affect other updates delivered using the same local services.
If you run a local Content Caching server and haven’t already confirmed that its client Macs have successfully installed the XProtect 2162 and XProtect Remediator 71 updates, I strongly recommend that you check now. The two updates in question are named:
and should have been installed on or soon after 18 August. The first should be installed on all Macs, as it updates XProtect data files, and the second on all those running Catalina or later, which run the new XProtect Remediator scanning service.
This article explains what you can do to address any problems you find. If your Content Caching server has the same problem, feel free to file your own Feedback, please, attaching matching sysdiagnoses demonstrating the problem in both client and server.
As soon as I have any news on a fix, I’ll post another article here.