How can I identify an unrecognized Trust Store version?

I just discovered that I have the same version. And I also just discovered that my husband has put a MDM on my phone without me knowing!

I can’t identify it, but would also like answers from someone who can. My OS is up to date, but it doesn’t match the number that Apple provides on this website when you click the link “Learn more about trusted certificates” on an Apple device in Settings. They say “This article lists the certificates for Trust Store version 2023071300, which is current for iOS 17, iPadOS 17, macOS 14, tvOS 17, and watchOS 10 and later.” I’m curious about the discrepancy between these two numbers.

The url where I got the quote is: https://support.apple.com/en-us/105116

I also have this!! I have been dealing with my devices being compromised & mirroring to a PC & I know it’s on a MDM but bc it’s not listed under VPN & device management, they say it’s not. But I have found it’s hooked to a pc that has it on. I also found that my IP address says I’m on a cloud flare Enterprise/Corporate web hosting!! This is my personal phone!! Never have I ever had a business phone. How do I remove this?! Or trace it back to whoever did this ?! I have my suspicions but would love solid proof, as this has devastated so many aspects of my life. But peace of mind mostly, having no privacy. Having them in my surveillance cameras etc! 😫 How do I stop screen mirroring as well?!i

its almost like they’ve recreated my entire settings app bc I’m missing certain settings- no pasteboard at all!!!

I’ve even found a video of my keystrokes being recorded with a quick time video in my iPhone messages storage !!

I can go on & on! Sure I can factory reset but they’ve used DT to manipulate the code in all my apps as well. All my email accounts are intercepted & sent as phishing emails & any time i contact any company for support, I get a reply from “zendesk” support & get no help! HELP!!

Also, is anyone familiar with

RegularGal17 wrote:

Having same issue, among many others, including (but not limited to) having Enterprise MDM installed, developer software, etc. Haven’t been able to get any help anywhere (DHHS, FBI, FTC, FCC, etc) and as a health care provider, I have protected health info on my device!

If you’re a covered entity or business associate, you’ll want to discuss your concerns with your organization’s IT InfoSec organization, and with your organization’s legal services. Nobody replying to this around here is likely part of your InfoSec, or is part of your legal representative.

Otherwise, “If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.” That means that data is yours to protect as you see fit, absent other commitments between you and others, or other applicable non-HIPAA regulations.

The trust store was updated back in January (on the 31st of course, as is indicated in the version), and as has been typical in recent years, the Apple documentation has lagged.

The article that’ll likely eventually be updated is this one:

Available trusted root certificates for Apple operating systems - Apple Support

Others have logged feedback about that missing article, and y’all are welcome to add your comments to that article. Tap “no” next to “helpful?” at the bottom of the linked Apple article, and fill in the feedback text box.

This thread is about the Trust Store, and that’s a fundamental part of iOS, distributed authentication, and secure networking. Most any modern computing platform has an equivalent trust store, as well.

You are reporting cross-platform exploits worth multiple millions of dollars (each), exploit tooling worth far more, and reporting a situation vastly beyond what assistance can be offered pretty much anywhere.

What you are claiming is vastly beyond what assistance can be offered pretty much anywhere, across multiple platforms and services.

Not past what has been suggested in many previous replies around the community (factory reset, unique and robust passwords, security keys, maybe lockdown mode, etc), and for cases detected by Apple in Apple Support articles including: About Apple threat notifications and protecting against mercenary spyware - Apple Support

Nobody here has the access to rummage through your device, nor through the device- and security-relevant parts of your life.

No one here can perform the necessary forensics remotely, few with the time and tooling and skills are willing to perform forensics for free, no one here can evaluate the security risks that any one particular person might face, and no one here can provide advice past the usual reset-and-reload-and-lockdown.

Those with exploits worth millions aren’t prone to use those exploits freely, and—if your adversary here happens to have millions of dollars in exploits—then you’re still not going to get forensics assistance around here.

No one can prove that somebody is not hacked. And an investment in forensics expertise and time and tooling that provides a negative finding does not constitute proof, which means these efforts inherently involve infinite demand for finite resources.

Having had direct experience with more than a few folks with other unrelated issues that have claimed hacking, these discussions can and variously do go in directions entirely unrelated to digital security.

The easiest way to bulk-sort folks that might have gotten hacked from those that probably aren’t hacked are not the sorts of questions we can or should ask around here, and these same questions can be unwise to answer around here, too.

For the subset of folks reporting exploits that actually are exploited, yes, this particular reality is Not Fun.

Repeated questions do get repeated answers, yes.

As for finding more resources, I’ve repeatedly linked to the Apple Support document on this topic several times in this same thread.

I’ve been dealing with this for almost 3 years now. This, exactly what you are describing. From cloud flare to missing settings. Brand new iPhone 15. Set it up everything was great. Then little by little I watched as settings, privacy’s disappeared slowly as not to alert me every time I sign into any account, this very first log in Denys with an “wrong password” notification. I have to sign in twice to every account I want to access every time I want to access it it’s like I’m signing in for two different people at the same time me and who’s ever on the other end of my phone. Screen mirroring. Calls are forwarded but the option for me to forward calls in settings is no longer available. I have only your basic settings now.

I can go on and on and on and honestly I would love to. Because like I said I’ve been dealing with this for almost three years now and I’ve been told nothing more then you’re crazy.

I’ve been down so many holes trying to set things right and the only real answer I can come up with? The only thing that’s been a constant? Is my partner. We took a break for about five months. I got rid of everything because it was all tainted Every account you could think of banks, Roku emails Facebook I walked away from all of it, and the cell phone started my brand new device on a whole different network with all different accounts not one account was reused. After the five month break with no phone issues we got back together and here I am again. Losing myself to this darkness m. Being watched monitored daily.

Tellmewhy097 wrote:

I’ve been dealing with this for almost 3 years now. This, exactly what you are describing. From cloud flare to missing settings. Brand new iPhone 15. Set it up everything was great. Then little by little I watched as settings, privacy’s disappeared slowly as not to alert me every time I sign into any account, this very first log in Denys with an “wrong password” notification. I have to sign in twice to every account I want to access every time I want to access it it’s like I’m signing in for two different people at the same time me and who’s ever on the other end of my phone. Screen mirroring. Calls are forwarded but the option for me to forward calls in settings is no longer available. I have only your basic settings now.

I can go on and on and on and honestly I would love to. Because like I said I’ve been dealing with this for almost three years now and I’ve been told nothing more then you’re crazy.

I’ve been down so many holes trying to set things right and the only real answer I can come up with? The only thing that’s been a constant? Is my partner. We took a break for about five months. I got rid of everything because it was all tainted Every account you could think of banks, Roku emails Facebook I walked away from all of it, and the cell phone started my brand new device on a whole different network with all different accounts not one account was reused. After the five month break with no phone issues we got back together and here I am again. Losing myself to this darkness m. Being watched monitored daily.

The whole point of hacking any device is to not get caught doing it. So if your phone has any symptoms that you can’t easily explain that is close to being proof that your device has NOT been hacked. A true hacker wouldn’t leave any footprints.

ooohlalabee wrote:

So who CAN help ?!!

This thread is about Trust Store, and that’s a fundamental part of iOS, distributed authentication, and secure networking. Most any modern computing platform has an equivalent trust store, as well.

An iPhone that has actually been exploited is far beyond the assistance that can be offered around here.

Not past what has been suggested in many previous replies (factory reset, unique and robust passwords, security keys, maybe lockdown, etc), and for cases detected by Apple in Apple Support articles including: About Apple threat notifications and protecting against mercenary spyware - Apple Support

Nobody here has the access to rummage through what you’re reporting either, and to identify and to differentiate what are unfortunately utterly normal and mundane activities which can include Cloudflare IP addresses (that is probably iCloud Private Relay usage, for instance) and the endemic commercial surveillance, and what evidence might or would indicate a compromise.

As for “peace of mind”, that’s a difficult proposition to achieve. At best. No one can prove a negative; that a device was not or is not or cannot be exploited. Not to the satisfaction of most folks posting in these threads. And for all any of us can know, you might be a valuable target to some exceedingly well-funded adversary—the sorts of individual exploits used here are worth millions of dollars, and are targeted; not deployed with profligacy.

Dmgator wrote:

Same here! They tell me it's impossible and I'm basically crazy. Many vulnerabilities they do not want broadcast.

This thread is about the Trust Store, and that’s a fundamental part of iOS, distributed authentication, and secure networking. Most any modern computing platform has an equivalent trust store, as well.

An iPhone that has actually been exploited is far beyond the assistance that can be offered around here.

Not past what has been suggested in many previous replies around the community (factory reset, unique and robust passwords, security keys, maybe lockdown mode, etc), and for cases detected by Apple in Apple Support articles including: About Apple threat notifications and protecting against mercenary spyware - Apple Support

Nobody here has the access to rummage through your device, nor through the device-security-relevant parts of your life.

No one can prove a device was not or is not or cannot be exploited. Not to the satisfaction of most folks posting in these threads. And for all any of us can know, you might be a valuable target to some exceedingly well-funded adversary—the sorts of individual exploits used here are worth millions of dollars (each), and based in all available evidence are targeted; are not utilized and not deployed widely.

As for broadcasting vulnerabilities, neither Apple nor security researchers are inclined to provide details of vulnerabilities that might then lead to cause widespread exploitation of an existing vulnerability, pending remediation.

Having same issue, among many others, including (but not limited to) having Enterprise MDM installed, developer software, etc. Haven’t been able to get any help anywhere (DHHS, FBI, FTC, FCC, etc) and as a health care provider, I have protected health info on my device!

Isosceles_ wrote:

Please provide links to the feedback that others have logged about the missing apple.com article. This thread is the only search result I’ve been able to find thus far about Trust Store Version 2024013100.

Apple doesn’t publish directly-provided user feedback. I’ve previously logged feedback around this, and I’ve seen the same stale-article case arise over the years, too. There are previous trust store discussions mentioning both that article and this same situation, too. Which should be enough keywords for your search.

If you want to log your own feedback, that would be this: “Others have logged feedback about that missing article, and y’all are welcome to add your comments to that article. Tap “no” next to “helpful?” at the bottom of the linked Apple article, and fill in the feedback text box.”

No malware and no hacker would be 🤡 enough to intentionally change the trust store version number, and if any malware has write access to iOS (which would inherently be involved in adding or removing trust store contents), there are better targets for modifications. If it were not a legitimate change, that difference would be a 🚩.

If y’all believe you might be or are the target of the sort of malware that could make changes to iOS itself including changes to the trust store and its displayed version, y’all are also far outside the scope of what anybody here can help with.

Ionlywant2bfree wrote:

…However i had to give the number out and a few days later there it was that same fake trust store version number from my old phone.

A “fake trust store version” would usually be ample evidence of compromise.

A valid trust store version (e.g. 2024013100) as is routinely provided by an iOS update would not be such evidence.

So who CAN help ?!!

Same here! They tell me it's impossible and I'm basically crazy. Many vulnerabilities they do not want broadcast.