A Critical Software Update Is Required For Your Mac But

  1. A Critical Software Update Is Required For Your Mac Button
  2. A Critical Software Update Is Required For Your Mac But Married
  3. A Critical Software Update Is Required For Your Mac Butter
  4. A Critical Software Update Is Required For Your Mac But An Error Was Encountered

This article is intended for enterprise and education network administrators.

Jan 10, 2018  PSA: While I can't help those who keep seeing this message repeatedly, it may interest you that this 'critical update' is the Touch Bar's OS. When you do a clean install of Sierra, it does a clean install of the watchOS-esque software on the Touch Bar's chip too. That's why it's critical. Mar 31, 2020 Apple also releases system updates that keep your Mac secure and stable. When a new major version of OS X is released, you can download the upgrade for free from the App Store. If you're using an older version of OS X, updates are handled through the Software Update utility. Installing new versions of macOS on a Mac should be a pretty simple exercise. The Mac tells you there's an update available via a pop up in Notification Centre - in some cases (depending on your. Oct 18, 2019 If any updates are available, click the Update Now button to install them. Or click ”More info” to see details about each update and select specific updates to install. When Software Update says that your Mac is up to date, the installed version of macOS and all of its apps are also up to date.

Apple products require access to the Internet hosts in this article for a variety of services. Here's how your devices connect to hosts and work with proxies:

  • Network connections to the hosts below are initiated by the device, not by hosts operated by Apple.
  • Apple services will fail any connection that uses HTTPS Interception (SSL Inspection). If the HTTPS traffic traverses a web proxy, disable HTTPS Interception for the hosts listed in this article.

Make sure your Apple devices can access the hosts listed below.

Apple Push Notifications

Learn how to troubleshoot connecting to the Apple Push Notification service (APNs). For devices that send all traffic through an HTTP proxy, you can configure the proxy either manually on the device or with a configuration profile. Beginning with macOS 10.15.5, devices can connect to APNs when configured to use the HTTP proxy with a proxy auto-config (PAC) file.

Device setup

Access to the following hosts might be required when setting up your device, or when installing, updating or restoring the operating system.

HostsPortsProtocolOSDescriptionSupports proxies
albert.apple.com443TCPiOS, tvOS, and macOSYes
captive.apple.com443, 80TCPiOS, tvOS, and macOSInternet connectivity validation for networks that use captive portals.Yes
gs.apple.com443TCPiOS, tvOS, and macOSYes
humb.apple.com443TCPiOS, tvOS, and macOSYes
static.ips.apple.com443, 80TCPiOS, tvOS, and macOSYes
tbsc.apple.com443TCPmacOS onlyYes
time-ios.apple.com123UDPiOS and tvOS onlyUsed by devices to set their date and time
time.apple.com123UDPiOS, tvOS, and macOSUsed by devices to set their date and time
time-macos.apple.com123UDPmacOS onlyUsed by devices to set their date and time

Device Management

Network access to the following hosts might be required for devices enrolled in Mobile Device Management (MDM):

HostsPortsProtocolOSDescriptionSupports proxies
*.push.apple.com443, 80, 5223, 2197TCPiOS, tvOS, and macOSPush notificationsLearn more about APNs and proxies.
gdmf.apple.com443TCPiOS, tvOS, and macOSMDM server to identify which software updates are available to devices that use managed software updates.Yes
deviceenrollment.apple.com443TCPiOS, tvOS, and macOSDEP provisional enrollment.
deviceservices-external.apple.com443TCPiOS, tvOS, and macOS
identity.apple.com443TCPiOS, tvOS, and macOSAPNs certificate request portal.Yes
iprofiles.apple.com443TCPiOS, tvOS, and macOSHosts enrollment profiles used when devices enroll in Apple School Manager or Apple Business Manager through Device EnrollmentYes
mdmenrollment.apple.com443TCPiOS, tvOS, and macOSMDM servers to upload enrollment profiles used by clients enrolling through Device Enrollment in Apple School Manager or Apple Business Manager, and to look up devices and accounts.Yes
setup.icloud.com443TCPiOS onlyRequired to log in with a Managed Apple ID on Shared iPad.
vpp.itunes.apple.com443TCPiOS, tvOS, and macOSMDM servers to perform operations related to Apps and Books, like assigning or revoking licenses on a device.Yes

Software updates

A critical software update is required for your mac but good

Make sure you can access the following ports for updating macOS, apps from the Mac App Store, and for using content caching.

macOS, iOS, and tvOS

Network access to the following hostnames are required for installing, restoring, and updating macOS, iOS, and tvOS:

Mac software progression. Classic Mac OS (System Software) refers to the series of operating systems developed for the Macintosh family of personal computers by Apple Inc. From 1984 to 2001, starting with System 1 and ending with Mac OS 9.The Macintosh operating system is credited with having popularized the graphical user interface concept. It was included with every Macintosh that was sold during the era in which it.

HostsPortsProtocolOSDescriptionSupports proxies
appldnld.apple.com80TCPiOS onlyiOS updates
gg.apple.com443, 80TCPiOS, tvOS, and macOSiOS, tvOS, and macOS updatesYes
gnf-mdn.apple.com443TCPmacOS onlymacOS updatesYes
gnf-mr.apple.com443TCPmacOS onlymacOS updatesYes
gs.apple.com443, 80TCPmacOS onlymacOS updatesYes
ig.apple.com443TCPmacOS onlymacOS updatesYes
mesu.apple.com443, 80TCPiOS, tvOS, and macOSHosts software update catalogs
ns.itunes.apple.com443TCPiOS onlyYes
oscdn.apple.com443, 80TCPmacOS onlymacOS Recovery
osrecovery.apple.com443, 80TCPmacOS onlymacOS Recovery
skl.apple.com443TCPmacOS onlymacOS updates
swcdn.apple.com80TCPmacOS onlymacOS updates
swdist.apple.com443TCPmacOS onlymacOS updates
swdownload.apple.com443, 80TCPmacOS onlymacOS updatesYes
swpost.apple.com80TCPmacOS onlymacOS updatesYes
swscan.apple.com443TCPmacOS onlymacOS updates
updates-http.cdn-apple.com80TCPiOS, tvOS, and macOS
updates.cdn-apple.com443TCPiOS, tvOS, and macOS
xp.apple.com443TCPiOS, tvOS, and macOSYes

App Store

Access to the following hosts might be required for updating apps:

A Critical Software Update Is Required For Your Mac Button

A critical software update is required for your mac but an error was encountered
HostsPortsProtocolOSDescriptionSupports proxies
*.itunes.apple.com443, 80TCPiOS, tvOS, and macOSStore content such as apps, books, and musicYes
*.apps.apple.com443TCPiOS, tvOS, and macOSStore content such as apps, books, and musicYes
*.mzstatic.com443TCPiOS, tvOS, and macOSStore content such as apps, books, and music
itunes.apple.com443, 80TCPiOS, tvOS, and macOSYes
ppq.apple.com443TCPiOS, tvOS, and macOSEnterprise App validation

A Critical Software Update Is Required For Your Mac But Married

Content caching

Access to the following host is required for a Mac that uses macOS content caching:

HostsPortsProtocolOSDescriptionSupports proxies
lcdn-registration.apple.com443TCPmacOS onlyContent caching server registrationYes

App notarization

Starting with macOS 10.14.5, software is checked for notarization before it will run. In order for this check to succeed, a Mac must be able to access the same hosts listed in the Ensure Your Build Server Has Network Access section of Customizing the Notarization Workflow:

HostsPortsProtocolOSDescriptionSupports proxies onlyTicket delivery onlyTicket delivery onlyTicket delivery

A Critical Software Update Is Required For Your Mac Butter

Certificate validation

Apple devices must be able to connect to the following hosts to validate digital certificates used by the hosts listed above:

HostsPortsProtocolOSDescriptionSupports proxies
crl.apple.com80TCPiOS, tvOS, and macOSCertificate validation
crl.entrust.net80TCPiOS, tvOS, and macOSCertificate validation
crl3.digicert.com80TCPiOS, tvOS, and macOSCertificate validation
crl4.digicert.com80TCPiOS, tvOS, and macOSCertificate validation
ocsp.apple.com80TCPiOS, tvOS, and macOSCertificate validation
ocsp.digicert.com80TCPiOS, tvOS, and macOSCertificate validation
ocsp.entrust.net80TCPiOS, tvOS, and macOSCertificate validation
ocsp.verisign.net80TCPiOS, tvOS, and macOSCertificate validation


If your firewall supports using hostnames, you may be able to use most Apple services above by allowing outbound connections to *.apple.com. If your firewall can only be configured with IP addresses, allow outbound connections to The entire address block is assigned to Apple.

A Critical Software Update Is Required For Your Mac But An Error Was Encountered

HTTP proxy

You can use Apple services through a proxy if you disable packet inspection and authentication for traffic to and from the listed hosts. Exceptions to this are noted above. Attempts to perform content inspection on encrypted communications between Apple devices and services will result in a dropped connection to preserve platform security and user privacy.

  • See a list of TCP and UDP ports used by Apple software products.
  • Find out which ports are used by Profile Manager in macOS Server.
  • Learn about macOS, iOS, and iTunes server host connections and iTunes background processes.
  • Customize the Notarization Workflow.