Mac trustd high CPU

from blog The Desolation of Blog, | ↗ original
Six months after the Mac OCSP appocalypse, here we go again, and here I go again. Back then I discovered that the trustd process was having trouble connecting to ocsp.apple.com, an issue temporarily solved by preventing connection attempts to that domain (for example in Little Snitch). Yesterday I started noticing another issue with trustd, but this time the issue was a little different: very high CPU usage. I've heard from several other people who started noticing the same issue yesterday too, one of whom helpfully referred me to this reddit thread with even more reports. On investigation, I found that the nsurlsessiond process was connecting to the server valid.apple.com, and immediately afterward trustd CPU jumped from 0% to 100%. It seems that the issue can be temporarily solved by preventing nsurlsessiond from connecting to valid.apple.com. You may have to reboot or force quit trustd to get its CPU usage back to normal. It's important to note that this is only a temporary workaround to the CPU usage problem; trustd is an important macOS system process that checks certificate validity and revocation status, so you probably don't want to block valid.apple.com forever.
This is a short summary. ↗ Open original to view full content

Related

Apple OSes Are Insecure By Design To Aid Surveillance
Jeffrey Paul | original ↗
On Trusting Macintosh Hardware
Jeffrey Paul | original ↗
Fixing the Breakage from the AddTrust External CA Root Expiration
Andrew Ayer - Blog | original ↗
Notes on Mac Remote Desktop Connection Encryption Errors
Tao of Mac | original ↗
Praying for passkeys to get better
Birchtree | original ↗
Short Take: Why Trust-On-First-Use Doesn't Work (Even for SSH)
Andrew Ayer - Blog | original ↗
Apple is Still Tracking You Without Consent
Jeffrey Paul | original ↗
The browsers biggest TLS mistake
benjojo blog | original ↗
Typo in Apple's SSL implementation causes uniform failure to validate key exchanges
Alex Clemmer | original ↗
Google's Certificate Revocation Server Is Down - What Does It Mean?
Andrew Ayer - Blog | original ↗

More from The Desolation of Blog

Technology is never a substitute for consent
4 Jan 2025 | original ↗

This is a follow-up to my recent blog posts Apple Photos phones home on iOS 18 and macOS 15 and The internet is full of experts. I've read a lot of the discussion about and responses to my blog posts, which has forced me to hone my own thinking and arguments on the subject. I characterized Apple's new Enhanced Visual Search feature as a privacy...

The internet is full of experts
31 Dec 2024 | original ↗

My recent blog post Apple Photos phones home on iOS 18 and macOS 15 has received widespread attention, and perhaps inevitably, it has also received widespread criticism by random internet commenters. A common criticism is that I somehow discredited myself by stating, honestly, "I don't understand most of the technical details of Apple's blog...

Apple Photos phones home on iOS 18 and macOS 15
28 Dec 2024 | original ↗

This morning while perusing the settings of a bunch of apps on my iPhone, I discovered a new setting for Photos that was enabled by default: Enhanced Visual Search. (I manually disabled it before taking the screenshot below.) Apps > Photos"> This setting is also new to Photos on macOS Sequoia, and enabled by default. Oddly, this new feature has...

Deep dive into a macOS default web browser bug
20 Dec 2024 | original ↗

This blog post has undergone some revision and correction since first published. It turns out, contrary to my initial assumption, that the code signatures of the apps is largely irrelevant. Thanks to Avi Drissman of the Google Chrome team for assistance! According to the Apple Developer Documentation, "macOS Launch Services is an API that enables...

How Safari 18.2 https upgrade works
12 Dec 2024 | original ↗

Yesterday, Apple released Safari version 18.2, included with iOS 18.2 and macOS 15.2, as a separate update for macOS 14 and 13. I've already discussed one new feature of Safari 18.2, Copy Link with Highlight, in another blog post. Now I'd like to discuss another new feature, automatic https upgrade. From Apple's announcement: Safari 18.2 on iOS,...