Mismatched Trust Store Version on iOS 16.5

I found some thing on the developer website suggesting it has to do with device management. Performing a WS-Trust login request

Create a WS-Trust login request using the metadata exchange data (MEX) response.

DOCUMENTATION

ARTICLE

Objective-C I

Swift

Configuring a Trust

Work around a recoverable trust failure.

DOCUMENTATION

ARTICLE

Objective-C 1

Swift

Version Number- Glossary

The version number (CFBundleShortVersionString) is a user-visible string that represents the bundle version with a required format of three period-separated integers (0-9).Each integer provides information about the release in the format...

SUPPORT

Performina manual server trust…

….. I also found this regarding the trust asset version 8:09 1

•Il 5G: C

<

Today

7:20 AM

Edit

Hello 007kc4L,

It sounds like you have some questions about a trusted certificate on your iPhone.

We can definitely understand the concern, and we are happy to help.

Is this device a personal device, or is it a work managed device? Your settings seem to appear as expected.

If this is a personal device, then to trust a certificate and turn it off, follow this article:

Trust manually installed certificate profiles in

¡OS and iPadOS

If this is a work device, then we would suggest reaching out to your IT administrator.

We hope this helps!

Cheers!

Less

Rathie2155 wrote:

I found some thing on the developer website suggesting it has to do with device management.

Pretty much everything related to encryption and to distributed authentication is dependent on the Apple trust store.

Adding a locally-trusted certificate within an app bundle (as a developer can do) or adding a certificate using a profile (as an IT group can do) is unrelated to the Apple trust store (as discussed in this “what is this trust store version?” thread).

Here is the previous thread seemingly referenced with the text quoted: Why is there a trusted certificate on my … - Apple Community

The user that initiated that thread never returned to follow-up, and the reply provides some suggestions for finding the source of an added certificate. That thread about an added certificate does not address or particularly reference the Apple system trust store from this thread.

For WS-Trust distributed authentication, a client could use a private certificate chain for single sign-on, or could present a certificate that traces back to the Apple certificate chain for that.

Your issue has nothing to do with the Trust Store Version; see the post right above yours. You bought a phone that is locked to a carrier. iPhones bought directly from Apple are not carrier-locked, but all other iPhones are.

You will have to ask the seller what carrier it is locked to, and either use the same carrier or contact the carrier and ask them to unlock it→How to unlock your iPhone for use with a different carrier - Apple Support.

Mr Hoffman, mine has the same trust store, but 1002 as the trust asset version. My phone has been doing many crazy things (and the iPads) since I was in the hospital in 2021, and I’ve replaced phones as well. I’ve had a lot of software that was fraudulently downloaded (some free, some not), but reformatting or even buying a new phone does not help. It has a screen recorder downloaded, the icon showed up on that, but in downloads. When I go to the site, it starts recording and continues for 45 minutes, then sends a link that I can’t access (just in example of many many issues). It also has a “managed” Wi-Fi hotspot that when running, the IP resolves to Apple. I understand Apple only issues a Wi-Fi hotspot if you have an MDM. I can’t control or use the hotspot, but it will connect then connect to other iPads and windows devices. It shows Internet traffic using Bluetooth! And even with location services off, the Wi-Fi hotspot will come on. I have 2 detectors, either will pick it up. I disconnected my internet about 4 months ago, I don’t know if this hotspot was there before or not. But my device, and everything on it is compromised.

T3ddy19 wrote:

Mr Hoffman, mine has the same trust store, but 1002 as the trust asset version. My phone has been doing many crazy things (and the iPads) since I was in the hospital in 2021, and I’ve replaced phones as well. I’ve had a lot of software that was fraudulently downloaded (some free, some not), but reformatting or even buying a new phone does not help. It has a screen recorder downloaded, the icon showed up on that, but in downloads. When I go to the site, it starts recording and continues for 45 minutes, then sends a link that I can’t access (just in example of many many issues). It also has a “managed” Wi-Fi hotspot that when running, the IP resolves to Apple. I understand Apple only issues a Wi-Fi hotspot if you have an MDM. I can’t control or use the hotspot, but it will connect then connect to other iPads and windows devices. It shows Internet traffic using Bluetooth! And even with location services off, the Wi-Fi hotspot will come on. I have 2 detectors, either will pick it up. I disconnected my internet about 4 months ago, I don’t know if this hotspot was there before or not. But my device, and everything on it is compromised.

A managed Wi-Fi connection is normal and expected when a carrier app is installed.

Screen recording is part of iOS.

Websites can request camera access, and when granted that will show camera access.

Accusations of fraud are best discussed with legal advice, or police.

What you are reporting is a password or passcode compromise, or exceedingly expensive exploit tooling. if you’re of interest to intelligence organizations or otherwise targeted by exploit tooling, then you’re well outside what anybody can assist you with here.

And the trust store is unrelated to all of that…

Hello Mr Hoffman,

I know you can initiate a screen recorder on Apple, but this is done covertly using a program that I did not download. Many programs, such as “email organizers” have been used to delete all email (on one account). Four methods (that I’m aware of, will automatically delete or send to invalid email things like Apple password resets, also emails to and from security venders, and many more. In some cases, JavaScripts under shortcuts have been used to create fake emails from me. Many seemingly very “skilled” methods have been used that I’ve never seen before. No programs are visible, but the activity from the programs is visible, and I receive emails from one vender who I’ve been trying to get help to remove this recording program. One email account is redirected to a fake page, it appears legit, but excludes things like “view source”, and much more. I’m able to see these changes, but would prefer not to mention on a public forum.

It just keeps getting worse! My home alarm was compromised by the stolen mini 2, and people come in my home if I leave it unattended. I had a camera running that picked up activity. But I must avoid topics not related to Apple. Many native Apple settings were also used, airdrop when someone was in range, another native app used to spoof phone calls, so many more. Prior to all of this, I’d never given Apple Security a second thought.

BTW, my carrier told me I don’t have a WI-FI hotspot, even though I’ve seen it in action. If unplugged my network, then a device connected to Wi-Fi, then it used Bluetooth to connect to as many as 4 devices, both Apple and Windows. The Bluetooth activity shows as the source for certain activity.

since I’d been in IT forever it seems, I had a lot of equipment. All has been destroyed. Sometimes a reformat will help, but as soon as it’s connected, it’s compromised within minutes. It’s so fast, I guess it’s persistent or automatic. On some devices, it deletes my credentials, so I can’t log on.

Most activity appears to be native Apple, or unauthorized downloads. The icons will show for a day or two, then they are hidden. It seems so advanced. Who could know programming languages (87 scripts under shortcuts), other languages that were downloaded from the App Store, multiple OS, IOS, Windows, Unix, Linux, various routers, printers. IoT, more.

Im thinking it might be MaaS, due to extreme nature and complexity. I’ve read you can get this from the dark web, but I’ve never looked there. Either that, or someone with an unimaginable skill set!

I know there have been a recent increase is Apple C&C tools, such as another Pegasus (with a new name), and another one, can’t recall the name without looking.

Anyway thanks for the info.

Just last night I noticed the same problem. My trust asset version is 1002. I’m very concerned. Have you had any luck figuring out any further information about this? My iPhone also had a root certificate under this number and it said it was an enforced certificate. I could not delete it.

Just last night I noticed the same problem. My trust asset version is 1002. I’m very concerned. Have you had any luck figuring out any further information about this? My iPhone also had a root certificate under this number and it said it was an enforced certificate. I could not delete it. I have never installed root certificates or jail broken my phone.

MissFiddy333 wrote:

I’m very concerned.

I see nothing concerning here.

Have you had any luck figuring out any further information about this?

You appear to have a Comcast Xfiniti app installed, probably because they’re your ISP or maybe your cellular carrier or quite possibly both, and that app loads a profile that contain this, and many (most?) carrier apps also load a list of Wi-Fi networks (SSIDs).

I could not find anything on it, searched on Apple.com, called Apple, no answer. I’m not 100% certain what this is now? I thought it was related to security certs, for SSL, and maybe this was the number of certs? But I found nothing. I didn’t know you could delete them on Apple. I have another phone that shows about 100, and I don’t use it for the web. Some were foreign, but a reformat did not remove them. I do agree with Mr Hoffman, but it seems like I should be able to find a definition. Have you had any other issues with your phone? If this were my only issue? I’d be OK with it, but it’s not.

When you make a https:// connection to a site, that involves using the site's certificate, and typically checking that the certificate is signed by a trusted authority.

It does not involve installing that certificate on the phone or computer doing the browsing. There's no reason for your phone to keep any sort of permanent list of Web site certificates.

https://www.ssl.com/faqs/what-is-https/

The root certificate is not from a Xfinity app. I don’t even have an Xfinity app. Are you for real? I know you know these things if you’re a level 10 whatever. This cert showing up in that place on the iPhone means iOS can’t validate the trust chain of the signing CA. Root certificates installed by either a MDM or on supervised devices disable the option to change the trust settings. Exactly my problem is I am unable to toggle off this certificate. (See my photos) My phone is totally hacked! Even you I’m talking to is probably part of the hack. Either that or you are just not wanting to see that this is a problem. My phone is not suppose to be supervised. Can you tell me why would it be supervised and by who? FML

Oh new weird scary issue… I chatted on my message app with “Apple Support” today. When checking their icon in my messages it took me to the actual name of who I was speaking to. It read Apple Electronics Store lmao. When I asked the chat guy he said that it’s because the brand of apple is the electronics store omg! He went on to say more too. Then at the end of the chat I was invited to complete a survey and the address is feedback.applesurveys.com!! It’s not even an apple domain! So I’m pretty sure the hackers were chatting to me to get more info from me. Like my new phone number I had just gotten today hoping to fix this problem. I’ll have to get another new one now. But maybe you can verify if that is an apple website. From what I found it’s feedback. Apple.com. I’ll include photos as I thought it was pretty funny this guys explanation for why his apple impersonation was below the mediocre line at best.

MissFiddy333 wrote:

Oh new weird scary issue…

Your fears will be used against you.

Your fears can be exploited, by advertisers, politicians, propagandists, scammers, and abusive exes.

Your fears are absolutely leverage to convince you to do things against your own interests.

Hacking and hackers and hacks hacks hacks are among those fears, and among those fears commonly exploited.

What can you do here? Start with the following, and with Safety Check and the checklists there:

Personal Safety User Guide - Apple Support

Linked at the bottom, there’s a PDF containing the whole document.

Here are some of the common scams (various of which absolutely try to use fear against us):

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

Yes, iPhone and iPad can be exploited, but that’s been very rare and very much targeted against specific people. Targeting us ourselves and our fears (and our other string emotions, and our tiredness) is far, far more common.

Good evening:)

Thank you for the super spooky hacker advice. I have tried the safety check a few times in last few days. I tried network reset. Powering on and off. I tried signing in and out of Apple ID. (Which did by the way get rid of the AAA certificate from “Xfinity”). I’ve contacted Xfinity and they said it is not their certificate and to go to the Apple Store for help. Another guy here in discussions has confirmed that surveysapple.com is not an Apple domain. He suggested I contact Apple security.

Interestingly I tried using my Apple ID to log into a school or work account under vpn in settings and it said I already am signed in! In settings I do not see a profile to try and get rid of. It’s a pretty good hack I think… I mean I cannot get rid of the certificate because the phone is being controlled by a imposter MDM and I have yet to figure out a way to find this profile. I am seeing however it may have something to do with health data. Do you have that app? I am unable to delete it and it pops up when I search profile in settings. I’ll include some pics.