Any idea how they changed the cache time remotely?
If the OS is honouring the cache control headers of a plain text response this has its own security implications.
The response is signed by Apple, and presumably (!) your Mac is validating that signature correctly. I haven't checked if they are using stapling, but that would be the sensible way to do it, in which case it is a server side parameter (though possibility with client side limits too, but you'd need to disassemble the binary).
