Trust Store Version

I’d wanted to add more pics, but by the time I removed all personal info, there was nothing left!

I’m not certain how long, had “mild”

things as far back as 2018, but things became very bad 2021-now. I’m going to try to send 2 pics related to previous discussion, MDM and screen recorder app (I did not purchase either), it seems like the MDM appears every year or more.

Where did you see 2022070700? That is an almost year old version. The trust store version number is the date that the trust store was last updated, and for iOS 16.5 it is 2023032800.

In simple terms, The Trust Store contains the digital signatures of issuers of the SSL certificates that are used to encrypt access to websites and email servers. There are billions of SSL certificates in use around the world. They are issued by a relatively small number of agencies and companies (called Certificate Authorities, or CAs), who, as part of the process of issuing the certificate, verifies that the site is legitimate. When you visit a website the certificate from that site is sent to your browser. Your browser then verifies that the certificate was issued by one of the agencies whose signature is in the Trust Store. If the signature is not in the trust store you see a warning that the site may not be what it seems. The Trust Store is updated as part of an iOS update. It will change whenever the list of certificate authorities changes, which is very rare. The Trust Store version is actually the date and time the trust store contents were last updated. So, for example, version 2023032800 was last updated on March 28, 2023 at midnight.

The trust store version has absolutely nothing to do with security vulnerabilities. If you keep your Apple product updated to the latest version of MacOS or iOS it will be protected against all known vulnerabilities, despite whatever mis-information has been posted in the forum. 

Bite-1T wrote:

?? Me too. 2023032800

Trust asset version:20

The Trust Store is not related to carrier lock.

Trust Store 2023032800 is current.

Apple hasn’t updated their support article.

You can send Apple some feedback, or can contact Apple Support and confirm this.

Mr Hoffman, mine has the same trust store, but 1002 as the trust asset version. My phone has been doing many crazy things (and the iPads) since I was in the hospital in 2021, and I’ve replaced phones as well. I’ve had a lot of software that was fraudulently downloaded (some free, some not), but reformatting or even buying a new phone does not help. It has a screen recorder downloaded, the icon showed up on that, but in downloads. When I go to the site, it starts recording and continues for 45 minutes, then sends a link that I can’t access (just in example of many many issues). It also has a “managed” Wi-Fi hotspot that when running, the IP resolves to Apple. I understand Apple only issues a Wi-Fi hotspot if you have an MDM. I can’t control or use the hotspot, but it will connect then connect to other iPads and windows devices. It shows Internet traffic using Bluetooth! And even with location services off, the Wi-Fi hotspot will come on. I have 2 detectors, either will pick it up. I disconnected my internet about 4 months ago, I don’t know if this hotspot was there before or not. But my device, and everything on it is compromised.

T3ddy19 wrote:

Mr Hoffman, mine has the same trust store, but 1002 as the trust asset version. My phone has been doing many crazy things (and the iPads) since I was in the hospital in 2021, and I’ve replaced phones as well. I’ve had a lot of software that was fraudulently downloaded (some free, some not), but reformatting or even buying a new phone does not help. It has a screen recorder downloaded, the icon showed up on that, but in downloads. When I go to the site, it starts recording and continues for 45 minutes, then sends a link that I can’t access (just in example of many many issues). It also has a “managed” Wi-Fi hotspot that when running, the IP resolves to Apple. I understand Apple only issues a Wi-Fi hotspot if you have an MDM. I can’t control or use the hotspot, but it will connect then connect to other iPads and windows devices. It shows Internet traffic using Bluetooth! And even with location services off, the Wi-Fi hotspot will come on. I have 2 detectors, either will pick it up. I disconnected my internet about 4 months ago, I don’t know if this hotspot was there before or not. But my device, and everything on it is compromised.

A managed Wi-Fi connection is normal and expected when a carrier app is installed.

Screen recording is part of iOS.

Websites can request camera access, and when granted that will show camera access.

Accusations of fraud are best discussed with legal advice, or police.

What you are reporting is a password or passcode compromise, or exceedingly expensive exploit tooling. if you’re of interest to intelligence organizations or otherwise targeted by exploit tooling, then you’re well outside what anybody can assist you with here.

And the trust store is unrelated to all of that…

Hello Mr Hoffman,

I know you can initiate a screen recorder on Apple, but this is done covertly using a program that I did not download. Many programs, such as “email organizers” have been used to delete all email (on one account). Four methods (that I’m aware of, will automatically delete or send to invalid email things like Apple password resets, also emails to and from security venders, and many more. In some cases, JavaScripts under shortcuts have been used to create fake emails from me. Many seemingly very “skilled” methods have been used that I’ve never seen before. No programs are visible, but the activity from the programs is visible, and I receive emails from one vender who I’ve been trying to get help to remove this recording program. One email account is redirected to a fake page, it appears legit, but excludes things like “view source”, and much more. I’m able to see these changes, but would prefer not to mention on a public forum.

It just keeps getting worse! My home alarm was compromised by the stolen mini 2, and people come in my home if I leave it unattended. I had a camera running that picked up activity. But I must avoid topics not related to Apple. Many native Apple settings were also used, airdrop when someone was in range, another native app used to spoof phone calls, so many more. Prior to all of this, I’d never given Apple Security a second thought.

BTW, my carrier told me I don’t have a WI-FI hotspot, even though I’ve seen it in action. If unplugged my network, then a device connected to Wi-Fi, then it used Bluetooth to connect to as many as 4 devices, both Apple and Windows. The Bluetooth activity shows as the source for certain activity.

since I’d been in IT forever it seems, I had a lot of equipment. All has been destroyed. Sometimes a reformat will help, but as soon as it’s connected, it’s compromised within minutes. It’s so fast, I guess it’s persistent or automatic. On some devices, it deletes my credentials, so I can’t log on.

Most activity appears to be native Apple, or unauthorized downloads. The icons will show for a day or two, then they are hidden. It seems so advanced. Who could know programming languages (87 scripts under shortcuts), other languages that were downloaded from the App Store, multiple OS, IOS, Windows, Unix, Linux, various routers, printers. IoT, more.

Im thinking it might be MaaS, due to extreme nature and complexity. I’ve read you can get this from the dark web, but I’ve never looked there. Either that, or someone with an unimaginable skill set!

I know there have been a recent increase is Apple C&C tools, such as another Pegasus (with a new name), and another one, can’t recall the name without looking.

Anyway thanks for the info.

As someone with IT experience, you will want to collect configuration details and forensics details and engage someone that can provide assistance with what is a catastrophic exploitation of multiple devices and disparate operating systems. Again, as someone with IT experience, you will clearly recognize that assistance with the sheer scale of exploitation you are reporting here is for beyond what can be expected. Direct device access and forensics are in your future, as well as a frank discussion about your particular risks for the sorts of tools seemingly employed here.

Just last night I noticed the same problem. My trust asset version is 1002. I’m very concerned. Have you had any luck figuring out any further information about this? My iPhone also had a root certificate under this number and it said it was an enforced certificate. I could not delete it.

MissFiddy333 wrote:

I’m very concerned.

I see nothing concerning here.

Have you had any luck figuring out any further information about this?

You appear to have a Comcast Xfiniti app installed, probably because they’re your ISP or maybe your cellular carrier or quite possibly both, and that app loads a profile that contain this, and many (most?) carrier apps also load a list of Wi-Fi networks (SSIDs).

I could not find anything on it, searched on Apple.com, called Apple, no answer. I’m not 100% certain what this is now? I thought it was related to security certs, for SSL, and maybe this was the number of certs? But I found nothing. I didn’t know you could delete them on Apple. I have another phone that shows about 100, and I don’t use it for the web. Some were foreign, but a reformat did not remove them. I do agree with Mr Hoffman, but it seems like I should be able to find a definition. Have you had any other issues with your phone? If this were my only issue? I’d be OK with it, but it’s not.

When you make a https:// connection to a site, that involves using the site's certificate, and typically checking that the certificate is signed by a trusted authority.

It does not involve installing that certificate on the phone or computer doing the browsing. There's no reason for your phone to keep any sort of permanent list of Web site certificates.

https://www.ssl.com/faqs/what-is-https/

T3ddy19 wrote:

I should mention, generally when you go to a secure site, like Amazon and it’s https, it will install a security cert for that site.

That is incorrect.

Visiting a website with a trusted certificate does not “install a security cert for that site”.

The Apple certificate trust store being discussed in this thread is what avoids that certificate download and that manually-trusted certificate.

Yes, it is possible to access a website that is configured with a self-signed or expired or untrusted certificate, and that access will show an untrusted certificate error. It will not automatically “install a security cert” for that website, however.

It is possible to manually load a trusted certificate to include trust for a particular website or service or organization, but that is not the common case, and that is not the default behavior.

But I don’t see a list stored anywhere?

Because there isn’t one. The trusted certificate store is a fundamental part of iOS, iPadOS, and macOS, built into the platform, and expressly protected against modifications by users or apps.

If you are interested in learning how public key encryption and certificates work in general terms, there are available resources. (Here is a Khan Academy intro.)

MissFiddy333 wrote:

Do you know how to delete this root certificate and regain my normal trust asset version?

Delete the Comcast Xfinity app, and restart the iPhone.

That deletion should clear that, and should also prevent you from accessing the secure Comcast Xfinity Wi-Fi networks.

The root certificate is not from a Xfinity app. I don’t even have an Xfinity app. Are you for real? I know you know these things if you’re a level 10 whatever. This cert showing up in that place on the iPhone means iOS can’t validate the trust chain of the signing CA. Root certificates installed by either a MDM or on supervised devices disable the option to change the trust settings. Exactly my problem is I am unable to toggle off this certificate. (See my photos) My phone is totally hacked! Even you I’m talking to is probably part of the hack. Either that or you are just not wanting to see that this is a problem. My phone is not suppose to be supervised. Can you tell me why would it be supervised and by who? FML