Macs Crash After 49 Days of Uptime? ↦

The unexpected crash stems from a 32‑bit unsigned integer overflow in the XNU kernel’s TCP timestamp counter. When a Mac exceeds 49 days, 17 hours, 2 minutes and 47 seconds of uninterrupted operation, the counter wraps around, halting the internal clock that drives most network protocols. While ICMP echo requests still succeed, TCP‑based services—including HTTP, SSH, and database connections—become dead, forcing administrators to reboot the machine. This edge‑case bug, hidden for years, resurfaced as developers like Photon deployed Mac minis as low‑cost, always‑on iMessage relays, exposing the fragility of long‑running macOS instances.

For enterprises, the impact is twofold. First, any infrastructure that depends on macOS for continuous processing—such as content‑delivery nodes, monitoring agents, or custom automation—faces unexpected downtime after roughly seven weeks, disrupting service‑level agreements and increasing operational overhead. Second, the bug underscores a broader risk: core kernel components still rely on legacy 32‑bit arithmetic, a design choice that modern cloud‑native environments rarely tolerate. Companies must now weigh the cost of frequent reboots against the urgency of applying Photon’s interim patch or migrating workloads to platforms with more robust uptime guarantees.

Mitigation strategies are already emerging. Photon’s team is releasing a kernel module that resets the timestamp counter before overflow, buying an additional 30‑day window. Administrators can also schedule automated reboots at the 45‑day mark, ensuring services restart before the failure point. In the longer term, Apple is expected to address the overflow in an upcoming macOS update, likely moving the timestamp to a 64‑bit representation. Until then, organizations should audit their Mac fleets, implement monitoring for uptime thresholds, and consider diversifying critical services onto Linux or Windows servers to avoid a single‑point failure tied to this obscure kernel bug.