We Found a Ticking Time Bomb in macOS TCP Networking — It Detonates After Exactly 49 Days

A 32-bit unsigned integer overflow in Apple's XNU kernel causes the internal TCP timestamp counter (tcp_now) to freeze after exactly 49 days, 17 hours, 2 minutes, and 47 seconds of continuous uptime. Once frozen, TIME_WAIT connections never expire, ephemeral ports exhaust, and eventually no new TCP connections can be established — while ICMP (ping) continues working normally. The bug was discovered on a fleet of long-running Mac machines monitoring an iMessage service, then reproduced live on two machines approaching the overflow threshold. The root cause is a monotonicity guard in calculate_tcp_clock() that prevents tcp_now from updating after the uint32_t wraps back near zero, permanently freezing the TCP clock. The cascade leads to thousands of stuck TIME_WAIT entries, SYN_SENT pileups, load spikes, and complete TCP failure. High-risk environments include macOS CI/CD servers, Mac Pro workstations, and colocated Mac fleets. A workaround beyond rebooting is in development.