Comment by ulrikrasmussen

4 years ago

Is MacOS sending these hashes to check whether they are revoked? That sounds like an insane excuse. Are there really so many revoked hashes that it is not feasible to mirror the database to every device for offline querying?

1 comment

ulrikrasmussen

Reply
whywhywhywhy  4 years ago

Not sure if this system replaces it but they’ve had a built in system for years called XProtect that keeps a malware hash database and checks locally.