Last Week on My Mac: Fortnightmare

Personally, I look forward to updates, both in macOS and fortnightly revisions to XProtect Remediator. Ventura never ceases to surprise in the bugs that have been fixed, and its new turn of speed in installing macOS updates. As I’ve been following the blossoming of Apple’s new malware scanner, I’m also delighted at its attentive support and rapid maturity. But I’m afraid that in the last few months those updates haven’t been free from their problems, and my personal feelings are being replaced by dread of the problems that you’re reporting.

Against the background of difficulties I’ve had with my local Content Caching server since June, macOS upgrades and updates have been a breeze for me. Back in the dark days of Big Sur, almost a gigabyte of every macOS update for Apple silicon Macs had to be downloaded direct. In Monterey, the time required to install minimal macOS updates differed little between my T2 and M1 Macs, and its 30 minutes preparation took around the expected time. I used to race my Macs against one another.

The contrast between 13.0.1 on T2 and M1 models couldn’t have been greater: my iMac Pro was out of use for as long as ever, although it now transpires that a small iBridge firmware update was also involved. Both my M1 Macs completed the update in less than a quarter of that time, and the second fetched the whole download from my Content Caching server. For the first time, those ‘thirty’ minutes of preparation shot by in about four.

Then I heard about your problems in even seeing this update. We’ve returned to old recipes of restarting your Mac, trying again in Safe Mode, and running SilentKnight to see if that can find it (although you’ll wisely let Software Update handle the installation, I hope). Unlike the Ventura upgrade that came as an update and installed where it wasn’t wanted, the real update to 13.0.1 seems to have played hard to get.

Just a day later came the scheduled fortnightly XProtect Remediator update, this time with a small update to XProtect’s detection data as well. More users reported not finding it, and some with Content Caching servers continued to have problems. In my case, these were different to the failed updates that had started in June: last week softwareupdate simply hung when asking my server to deliver those two updates.

I also tried an experiment a few hours after those security updates became available, and were safely installed on two other Macs. I left my M1 MacBook Pro to see if it could find them without any use of softwareupdate or SilentKnight. It reported that it was checking for updates, then failed to find any. Only when I had disabled my server (running on the Mac that had already installed the updates itself) did softwareupdate in SilentKnight install them correctly.

Apple rightly insists that timely security updates are essential to its support of macOS. Its engineers respond quickly to reports of known vulnerabilities, with a small patch for Ventura, and tune XProtect Remediator to improve its service. But when it comes to delivering those updates, something is amiss.

There’s also the outstanding question as what exactly 13.0.1 did fix: just the two bugs listed in its release notes, or a bit more?

Although I didn’t notice it at the time, the 13.0.1 update changed the version number of iBridge firmware on Intel Macs with a T2 chip, but doesn’t appear to have updated any other firmware, including that on Apple silicon models. Are you telling me that the bugs in libxml2 also affected iBridge, or was that another, undocumented fix?

I was also puzzled by the announcement by those who deliver third-party products using Endpoint Security that the 13.0.1 update fixed its problems too. Now that has been confirmed by multiple sources, it appears correct, despite Apple not informing those developers or their users. This is even more confusing, as beta-testers have confirmed that bug isn’t fixed yet in pre-release versions of macOS 13.1, due next month. Not that any of this is explained by Apple.

Finding and installing security updates has become a game of chance for many, and following Apple’s recommendation to use a Content Caching server has increased the risk of failure. Instead of these updates being positive experiences, they’ve become my fortnightmare.