Mismatched Trust Store Version on iOS 16.5

The only way to see a certificate on a iPhone I believe is the way my phone is showing it. It’s only revealing itself because it is not approved by Apple. That way they can control my phone by tricking it to think I’m on secure sights when most likely I am not and maybe even sending me to their sites. I hate fake things. Will probably get rid of all phones now as well. No sense in having a fake phone. LMAO! My life!

I‘m having the same issue, an MDM was downloaded to my personal device and I can’t see it, I saw the icon when it was downloaded, but not after. The MDM has a lot of control over your device and can allow or disallow many things. It sounds like it would be a great security feature, if the true owner had control. I saw where you asked if I knew why I was being targeted. Well, nobody should be targeted this way! I might normally say it’s due to my work history, banking, finance, aerospace and insurance (Security in all). But not in this case. As Mr Hoffman stated, this is an “elite” attack, or appears so. In my case, I think it’s someone I know. I do wish I knew a forensics investigator. With a subpoena, you can find out who is doing this. But thats if you can find someone to do this (attorney).

T3ddy19 wrote:

As Mr Hoffman stated, this is an “elite” attack, or appears so.

Re-read what I wrote. What was claimed would be. So far, nobody’s posted anything that couldn’t also be explained by benign and expected activities, particularly around cases involving carrier-related apps, or by the ever-popular dodgy hardware. Three pages of random screenshots, random telemetry, and other such is not sufficient evidence. Part of that exploit risk determination involves answers to situational and background questions that should not be posted here, too.

Ok, that message actually went to Miss Fiddy? But it appears that often when a message is sent to one member of a topic, it goes to all. Also, if the post has been removed, when the link to respond is selected, there is no longer the original message. As you mentioned, the moderators may remove the post. I was wondering why I was receiving what appeared to be so many questions when if fact, they were more of “updates” or responses to a category. Like Trust Versions, MDM and so forth.

Apologies if I misunderstood. However, I was screen sharing with a senior advisor, going through various anomalies, and he agreed the device was compromised. However, I would not want to post details on an open forum. But many have indicated they have the exact same symptoms.

T3ddy19 wrote:

Ok, that message actually went to Miss Fiddy? But it appears that often when a message is sent to one member of a topic, it goes to all.

You can't send a message to just one person here. Everything you post is added to the thread and everyone can see it.

I was in the hospital for a month when my iPad mini 2 (no longer used but kept with other older devices in storage. 1st set of surgeries were 2021, then again in 2022. I thought it started around this time, but later on, I found altered things going back to 2018! It became the worse in 2022. Nearly all of the data that would have provided evidence of fraud, like my email account and Apple ID were deleted. I had many recent charges for nefarious programs that were “hidden”. I was not aware this was a “feature”. My grocery delivery service was also deleted. That deleted an excessive amount of purchase details. I do have images of the icons that showed some of the programs that were dowloaded, then they used a managed hotspot that I never purchased and could not delete. They connect to managed hotspot, then use Bluetooth to access other devices (such as all IOS, Windows, my printer, streaming media, home alarm and much more. I’m a former certified global IT security manager, and I get the same treatment, such as “that’s impossible” and more related comments. But a senior IT support rep using a remote session looked at my phone, and many of the changes and confirmed I was compromised.

Although it sounds like Pegasus virus, it has a different name for this years version. The app for MDM downloaded to IOS and other operating systems, while the downloaded app was visible, once it was installed it disappeared. The same is true for other programs that were created for good purposes, used for malicious purposes, such as email manipulation, filtering or blocking web sites for security research, emails to security companies (the emails were set to auto delete, hide, or redirect.

There is too much going on to try to hit the major issues. But I’ve seen a lot of ppl that have listed the same issues in detail. Many topics get deleted. I don’t have enough “points” (you get them when someone clicks on “Helpful”. Sometimes I’ll get a message that will already be deleted.

there are a couple other remote access apps (one actually showed on my Home Screen before it was hidden. You are not suppose to be able to hide installed programs, but they will show up at various times, such as a screen recorder that was installed using an alternate or alias ID. I went to the site, and it immediately kicked off a 45 minute scan! After 45 minutes, I received a link to the recorded session from the vender, I tried to open it, and I did not have permissions. It also captures screen shots, this is evident when looking at links or history, different locations, but one is open web sites, when I shrink the current site I’m on in Safari, some sites will show letters, such as “DA” or the user or site name, while those viewed will show a big eye ball (and no images from the site) and in the lower right hand corner, a square icon that looks like a window with bars. If you click on that, it will select all text on that page. One example of many programs that I can’t get rid of, reformatting or buying new everything does not help. In my case, I feel it started with the hidden MDM. In September this year, the install icon showed up again. I tried to install it on my iPad that had not been connected by me for over 6 months. And I’d disconnected my network months ago. But when I clicked on the icon, it said something like “you need to contact your system administrator to use this app, you don’t have permissions”. All of my devices are personal, and not belonging to a business. I get other messages related to a MDM (Apple Configurator). I’d Planned on creating a small non profit blog site, but have no working computers. If I did, I would install the Apple MDM on all devices. I can see how it could prevent many attacks with all the restrictive and detailed settings, from settings on the Apple Device, such as Focus (or do not disturb), to restricting web sites, and even password requirements.im not sure how it handles scripts, or custom programming under short cuts, but if block that.

As this has been ongoing since 2018, please consider exactly what you expect to happen differently here, now, today, many, many years later, across many substantial software upgrades, and undoubtedly multiple detailed discussions. You’ve already considered and acted upon the various feedback received, have secured your environment and your Apple ID appropriately per the feedback, and you are exceedingly unlikely to get a different or new suggestion here, now, years onward. Whatever is special or different in your cases is not getting resolved with these discussions. You can, of course, continue to repeat the same failed strategy with these discussions of course, but we all know what will likely happen here, this time, again. We all know not expect a different outcome.

In answer to your question, no I have not. I looked up some of your keywords on Apple, and found a lot (even excess) of information, with links to more info, such as AAA certificate (it’s a valid cert per Apple). The current Cert number based on OS is also listed in Apple. Mine does not match but I don’t know why.

But I could not figure out what AAA is used for exactly it’s used for on Apple. There was a mention of APIs, and other things related to push notifications, email and more. That did sound like developer info, but don’t take my word on this. The APIs per Apple appear to be related to push notifications, a few are listed. I understand I can’t post links on here, so

I’d suggest searching Apple and include keywords. Some very technical people have responded such as MrHoffman and IdrisSeabright, they both have resolved many questions based on posted profile numbers. But no resolutions to date. Curious, why do you think you are in developers? I’ve heard that before and don’t know how to tell. If I ever find the answer, I will post it, provided it’s within guidelines. BTW, one of my Trust Store numbers start with 2022, per Apple site, it says IOS 17 should start with 2023? I have/had several devices, one is rather old, another purchased last year, both start with 2022.

part 1 of 2:

T3ddy19 wrote:

In answer to your question, no I have not. I looked up some of your keywords on Apple, and found a lot (even excess) of information, with links to more info, such as AAA certificate (it’s a valid cert per Apple).

It's one of the trusted root certificates shipped with Apple operating systems.

There are also reports of what is apparently a carrier app installing a related root certificate.

The current Cert number based on OS is also listed is Apple. Mine does not match but I don’t know why.

Trust stores are updated occasionally, and folks running older operating system versions will have older trust stores. Apple might patch an older operating system for a trust store issue, but that doesn't happen very often.

But I could not figure out what AAA is used for exactly it’s used for on Apple.

It's a root of trust for the certificates provided by the particular certificate authority. Which tells those unfamiliar with modern networking and with distributed authentication approximately nothing. Then if the discussion gets into the mathematics, the audience usually glazes over.

There was a mention of APIs, and other things related to push notifications, email and more.

Certificates are presented by users, by apps to servers, by web servers to web browsers, sometimes by web browsers to web servers, by printers including AirPrint printers, and by other stuff. Certificates are either self-signed, or are signed and can be traced back to some trusted root certificate. The trusted root certificates can be locally loaded (such as can happen via certain types of apps or via IT-provided certificate profiles), or the trust store can be pre-populated by the operating system provider, or the trust store can be provided by the server or client package provider depending on the details of the particular configuration.

We're getting into the "glazes over" part.

That did sound like developer info, but don’t take my word on this. The APIs per Apple appear to be related to push notifications, a few are listed.

Push notifications do use certificates, but so too does pretty much everything else these days.

I understand I can’t post links on here, so

I’d suggest searching Apple and include keywords. Some very technical people have responded such as MrHoffman and IdrisSeabright, they both have resolved many questions based on posted profile numbers. But no resolutions to date.

There is nothing to resolve here, as I've yet to see any indication of anything wrong here.

Curious, why do you think you are in developers?

Developers might use frameworks that use certificates, and some will generate or use or verify certificates directly in their code. Developers are not particularly relevant to certificates and certificate stores. If anything, system administrators and the folks establishing their own private trusted certificate chains will spend somewhat more time in this area. And Apple spends time here of course, as they provide many of the frameworks used, and provide the certificate stores.

I’ve heard that before and don’t know how to tell. If I ever find the answer, I will post it, provided it’s within guidelines. BTW, one of my Trust Store numbers start with 2022, per Apple site, it says IOS 17 should start with 2023? I have/had several devices, one is rather old, another purchased last year, both start with 2022.

That would usually mean an operating system version that arrived somewhat prior to 2023071300 is in use; a version released before July 13th, 2023. For operating systems released after that date, the current trust store version is 2023071300.

If any here are not already running iOS 17.1.2 or iPadOS 17.1.2 on a device capable of running iOS 17, time to update.

If you are running at least 17.1.2 and don't have that 2023071300 trust store (or a later version, if and as that becomes available), you can back up the device, factory reset the device to 17.1.2, and restore, and check again.

1/2

?? Me too. 2023032800

Trust asset version:20

I should mention, generally when you go to a secure site, like Amazon and it’s https, it will install a security cert for that site. But I don’t see a list stored anywhere?

Yes, what you posted it a legitimate Apple conversation.

That was me in response to your posted response from an unknown email address used to send you a message.

Do you know why you are targeted? Just wondering…