Has Apple broken Content Caching server updates again?

Last week’s software updates don’t appear to have worked properly on some Macs which obtain their updates through a local Content Caching server. If you experienced errors when client Macs tried to install the XProtect 2162 and XProtect Remediator 71 updates pushed on 18 August, then you are among those affected. If you run a Content Caching server, I recommend that you check whether your Macs have updated correctly.

Although some have suffered other problems with Content Caching servers for longer, for many this problem first started to occur in early June 2022, when the XProtect update to version 2160 failed to install correctly on 9 June. This persisted until 4 August, when the update to XProtect Remediator version 68 did install correctly. During those two months, I filed a Feedback with Apple, and pursued it vigorously in articles here and in follow-up information supporting that Feedback. In late July, Apple informed me that the issue had been fixed, and that XProtect Remediator update on 4 August was the first test. I therefore closed that Feedback as fixed.

The next updates were released on 17 August, to Monterey 12.5.1, and 18 August, for XProtect and XProtect Remediator. While my Content Caching server worked fine for the macOS security update, the old problem returned with the two security data updates the following day. Just as before, the workaround was to temporarily disable the service, force the updates on other local Macs, then to enable Content Caching again.

This is a reversion to the behaviour of June and July, which can leave client Macs with old versions of macOS security data updates, which is a serious security problem. I have therefore filed a new Feedback with Apple, report FB11333839, and sent with that two sysdiagnoses, one taken from a client that failed to update from the server, the other covering the same period of time on the Content Caching server itself.

I think this may have brought us one step further in understanding where this bug is, as on this occasion one of the clients that failed to install the updates is running Ventura beta, which didn’t have the macOS 12.5.1 update. Possible points of failure are:

the client Mac, failing to install the update;
the Content Caching server, failing to deliver the update correctly to clients;
the remote software update server, failing to deliver the update correctly to the local server.

We can therefore eliminate the client now. Although there’s no indication that such a limited macOS security update should have changed anything in the Content Caching server, only Apple knows whether that could have occurred. My suspicions, though, are that this is a problem being generated by Apple’s software update servers, as it’s confined to security data updates and doesn’t appear to affect other updates delivered using the same local services.

If you run a local Content Caching server and haven’t already confirmed that its client Macs have successfully installed the XProtect 2162 and XProtect Remediator 71 updates, I strongly recommend that you check now. The two updates in question are named:

XProtectPlistConfigData_10_15.16U4214
XProtectPayloads_10_15.16U4217

and should have been installed on or soon after 18 August. The first should be installed on all Macs, as it updates XProtect data files, and the second on all those running Catalina or later, which run the new XProtect Remediator scanning service.

This article explains what you can do to address any problems you find. If your Content Caching server has the same problem, feel free to file your own Feedback, please, attaching matching sysdiagnoses demonstrating the problem in both client and server.

As soon as I have any news on a fix, I’ll post another article here.

8Comments

Add yours

1

C pragman on August 23, 2022 at 11:42 am

My m1 Macs updated fine. My Intel Mac would not install last week’s security update until I turned off the content caching server

LikeLiked by 1 person
- 2
  
  hoakley on August 23, 2022 at 11:42 am
  
  Thank you.
  Howard
  
  LikeLike
3

jmrichards7f14f5632c on August 23, 2022 at 7:19 pm

If it helps, my Content Caching server is on an Intel Mini, but my M1 MBP didn’t do the security update. Not sure what that means in terms of the but, but I’ve disabled Content Caching until Apple gets it sorted.

LikeLiked by 1 person
- 4
  
  hoakley on August 23, 2022 at 7:20 pm
  
  Thank you.
  Howard
  
  LikeLike
5

eyelessjerry on August 29, 2022 at 3:37 pm

It could not be related to Apple (?) adding XProtect in the Security settings for Full disk access but does not ask to have it activated? Guess most would be wary (including me) of granting access as it is hard to tell if it really is supposed to be granted full disk access and even if it is APple’s XProtect (that few will also have heard about in the first place).

LikeLiked by 1 person
- 6
  
  hoakley on August 29, 2022 at 3:39 pm
  
  Thank you, but no.
  Yes, it’s strange, but it doesn’t affect updates at all.
  Howard
  
  LikeLiked by 1 person
7

Michael Tsai - Blog - Missed Security Updates Due to Content Caching on August 29, 2022 at 3:42 pm

[…] Update (2022-08-29): Howard Oakley: […]

LikeLike
8

Mike Newman on September 3, 2022 at 9:58 am

This was driving me nuts until I discovered that my wife had Content Caching enabled on her M1 iMac. I disabled it and Silent Knight was able to install the latest XProtect.

LikeLiked by 1 person

Share this:

Like this:

Related