How can I identify an unrecognized Trust Store version?

RegularGal17 wrote:

Having same issue, among many others, including (but not limited to) having Enterprise MDM installed, developer software, etc. Haven’t been able to get any help anywhere (DHHS, FBI, FTC, FCC, etc) and as a health care provider, I have protected health info on my device!

If you’re a covered entity or business associate, you’ll want to discuss your concerns with your organization’s IT InfoSec organization, and with your organization’s legal services. Nobody replying to this around here is likely part of your InfoSec, or is part of your legal representative.

Otherwise, “If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules.” That means that data is yours to protect as you see fit, absent other commitments between you and others, or other applicable non-HIPAA regulations.

The trust store was updated back in January (on the 31st of course, as is indicated in the version), and as has been typical in recent years, the Apple documentation has lagged.

The article that’ll likely eventually be updated is this one:

Available trusted root certificates for Apple operating systems - Apple Support

Others have logged feedback about that missing article, and y’all are welcome to add your comments to that article. Tap “no” next to “helpful?” at the bottom of the linked Apple article, and fill in the feedback text box.

I just want to clear things up: this is the correct and latest trust store version although the main Apple websites yet to be updated. I am sure of this as I work with a large corporate and we validated with Apple directly on this point for audit.

For those involved with hacking attempts the first thing to do is to DFU mode reset compromised Apple assets and then restore (not from backups). Reset your home router if isp provided holding the pin reset for 120 seconds which triggers firmware refresh on most cable ISP provided modems and routers, else ensure latest firmware from the manufacturer. Note this will erase devices.

Setup any smart devices and potential devices that are easily compromised (non branded bulbs etc) onto the guest WiFi network which can be setup on most routers. This moves them away from the main network and reduces attack surface.

Run more advanced scanners on windows eg Norton power eraser, and kaspersky which are well known for identifying malware based on behavior.

Run imazing spyware scanner on iOS devices.

Setup a DNS Filter and add in threat intelligence feeds and malware checks via eg AdGuard DNS or NextDNS. This filters all traffic from onboarded devices.

Ensure MFA/two factor on all services including Apple services as possible.

Run Apple privacy checkup and other providers such as Google offer the same.

Login to security section of services eg Apple and Microsoft and logout unknown active sessions or all sessions if unsure. Note you may need to relogin.

Update firmware especially on windows devices (also known as the bios).

Ask your isp if they offer smart security or monitoring of your home network for malicious activity - a few do. One example in the UK: https://www.virginmedia.com/virgin-tv-edit/tips-and-tricks/smart-security

Change email passwords, remove active sessions, enable MFA.

Check Google, Apple, etc for “app passwords,” these provide login that bypasses normal passwords and MFA.

Check for MDM enrolment on all devices and if active (& unexpected) contact Apple or whoever supplied the device with purchase history to validate ownership and work with them on removal. Do the same with the MDM operator. They’ll usually remove as it’s a crime and falls under stalking.

Turn on device encryption whenever you can.

Best of luck.

Terror-Byte wrote:

I have trust store version 2024040500. It seems shady, and the option to turn it off will not let me. I did research and read it was from 2013. I’m not 100% on this, I’m no iPhone master, but I know enough that I have an issue to say the least. I’ve also had many sites refer to my device as being an organization phone. I’m 50 do not know any organization, at least know of them too which my device would/should render! Any advice, I already know there’s a problem.? Thx

That would be the current trust store. It is not from 2013, but rather from April 5th 2024 and a recent iOS update.

Apple has not updated their article to reflect this version, which unfortunately isn’t all that unusual.

As for what various websites might refer to your iPhone, you’ll want to address that with those websites. Or simply ignore it, of course. There are lots of ways to mis-identify a device.

The trust store is a fundamental part of iOS, and an analog is available on every modern computing platform.

The Apple iPhone trust store is protected against unauthorized modifications, same as the rest of iOS.

Nothing here seems at all unusual or even remotely concerning.

That 2024040500 would be the current Trust Store version shipping with current Apple versions, as of iOS 17.6.1, iPadOS 17.6.1, etc.

We’ll likely get a new trust store version as iOS 18 is released Real Soon Now too. Could be 202407xxx, 202408xxxx, or maybe 202409xxxx. Those numeric versions are the associated trust store release date, year, month, day, build.

Apple has not (yet?) updated their published documentation to reflect the 2024040500 trust store contents.

You can log some feedback with Apple about this documentation issue. Scroll down in the associated article to the “Helpful?” section, tap “no”, and in the feedback box that then appears mention that the current trust store is 2024040500.

The following DuckDuckGo or Google search string finds lots of previous discussions of this same trust store:

2024040500 site:discussions.apple.com

Apple has updated their open-source releases to include this trust store version among what is published.

Here are the certificates associated with that trust store, directly from what Apple uses to build the trust store:

https://github.com/apple-oss-distributions/security_certificates/tree/security_certificates-55297.120.3

Here is the asset version showing the same 2024040500 asset version number:

https://github.com/apple-oss-distributions/security_certificates/blob/security_certificates-55297.120.3/config/AssetVersion.plist

Here is the path to the referenced GitHub source code directly available from and documented on the main Apple website:

https://opensource.apple.com/releases/

Likely also a normal carrier management profile and Wi-Fi networks from a cellular carrier. Carriers routinely load their own cellular off-load Wi-Fi networks, with carrier older configurations using profiles and newer setups using some features implemented by Apple that add Wi-Fi offload profiles indirectly via carrier settings. These Wi-Fi networks will usually have carrier-related names, and will usually be documented at the carrier support website.

Without some details of that stuck multiplayer button, it’s hard to address that one. This given the details of the button, maybe of Game Center or some particular app setting or whatever, is missing from this posting. Probably post a report of that stuck multiplayer button into new thread, rather than burying that question here in this trust-store-2024040500-is-current-and-normal thread.

The personal safety guide, and Safety Check, and two-factor authentication, and maybe Lockdown Mode, would be the usual suggestions, and probably also adding a freeze on the credit bureau reports.

Isosceles_ wrote:

Please provide links to the feedback that others have logged about the missing apple.com article. This thread is the only search result I’ve been able to find thus far about Trust Store Version 2024013100.

Apple doesn’t publish directly-provided user feedback. I’ve previously logged feedback around this, and I’ve seen the same stale-article case arise over the years, too. There are previous trust store discussions mentioning both that article and this same situation, too. Which should be enough keywords for your search.

If you want to log your own feedback, that would be this: “Others have logged feedback about that missing article, and y’all are welcome to add your comments to that article. Tap “no” next to “helpful?” at the bottom of the linked Apple article, and fill in the feedback text box.”

No malware and no hacker would be 🤡 enough to intentionally change the trust store version number, and if any malware has write access to iOS (which would inherently be involved in adding or removing trust store contents), there are better targets for modifications. If it were not a legitimate change, that difference would be a 🚩.

If y’all believe you might be or are the target of the sort of malware that could make changes to iOS itself including changes to the trust store and its displayed version, y’all are also far outside the scope of what anybody here can help with.

maricleo08 wrote:

Trust store version : 2024040500

That would be the current Trust Store version shipping with current Apple versions.

Apple has not (yet?) updated their published documentation to reflect the 2024040500 trust store contents.

You can log some feedback with Apple about this. Scroll down in the associated article to the “Helpful?” section, tap “no”, and in the feedback box that then appears mention that the current trust store is 2024040500.

I can’t identify it, but would also like answers from someone who can. My OS is up to date, but it doesn’t match the number that Apple provides on this website when you click the link “Learn more about trusted certificates” on an Apple device in Settings. They say “This article lists the certificates for Trust Store version 2023071300, which is current for iOS 17, iPadOS 17, macOS 14, tvOS 17, and watchOS 10 and later.” I’m curious about the discrepancy between these two numbers.

The url where I got the quote is: https://support.apple.com/en-us/105116

wolverine_821 wrote:

Trust store version 2024040500

That would be the current Trust Store version shipping with current Apple versions, as of iOS 17.6.1, iPadOS 17.6.1, etc.

Apple has not (yet?) updated their published documentation to reflect the 2024040500 trust store contents.

You can log some feedback with Apple about this. Scroll down in the associated article to the “Helpful?” section, tap “no”, and in the feedback box that then appears mention that the current trust store is 2024040500.

The following DuckDuckGo or Google search string finds lots of previous discussions of this same trust store:

2024040500 site:discussions.apple.com

Here are the certificates associated with that trust store, directly from what Apple uses to build the trust store:

https://github.com/apple-oss-distributions/security_certificates/tree/security_certificates-55297.120.3

Here is the asset version showing the same 2024040500 asset version number:

https://github.com/apple-oss-distributions/security_certificates/blob/security_certificates-55297.120.3/config/AssetVersion.plist

Here is the path to the referenced GitHub source code directly from Apple:

https://opensource.apple.com/releases/

Having same issue, among many others, including (but not limited to) having Enterprise MDM installed, developer software, etc. Haven’t been able to get any help anywhere (DHHS, FBI, FTC, FCC, etc) and as a health care provider, I have protected health info on my device!

Please provide links to the feedback that others have logged about the missing apple.com article. This thread is the only search result I’ve been able to find thus far about Trust Store Version 2024013100.

I also have this!! I have been dealing with my devices being compromised & mirroring to a PC & I know it’s on a MDM but bc it’s not listed under VPN & device management, they say it’s not. But I have found it’s hooked to a pc that has it on. I also found that my IP address says I’m on a cloud flare Enterprise/Corporate web hosting!! This is my personal phone!! Never have I ever had a business phone. How do I remove this?! Or trace it back to whoever did this ?! I have my suspicions but would love solid proof, as this has devastated so many aspects of my life. But peace of mind mostly, having no privacy. Having them in my surveillance cameras etc! 😫 How do I stop screen mirroring as well?!i

its almost like they’ve recreated my entire settings app bc I’m missing certain settings- no pasteboard at all!!!

I’ve even found a video of my keystrokes being recorded with a quick time video in my iPhone messages storage !!

I can go on & on! Sure I can factory reset but they’ve used DT to manipulate the code in all my apps as well. All my email accounts are intercepted & sent as phishing emails & any time i contact any company for support, I get a reply from “zendesk” support & get no help! HELP!!

Also, is anyone familiar with

ooohlalabee wrote:

So who CAN help ?!!

This thread is about Trust Store, and that’s a fundamental part of iOS, distributed authentication, and secure networking. Most any modern computing platform has an equivalent trust store, as well.

An iPhone that has actually been exploited is far beyond the assistance that can be offered around here.

Not past what has been suggested in many previous replies (factory reset, unique and robust passwords, security keys, maybe lockdown, etc), and for cases detected by Apple in Apple Support articles including: About Apple threat notifications and protecting against mercenary spyware - Apple Support

Nobody here has the access to rummage through what you’re reporting either, and to identify and to differentiate what are unfortunately utterly normal and mundane activities which can include Cloudflare IP addresses (that is probably iCloud Private Relay usage, for instance) and the endemic commercial surveillance, and what evidence might or would indicate a compromise.

As for “peace of mind”, that’s a difficult proposition to achieve. At best. No one can prove a negative; that a device was not or is not or cannot be exploited. Not to the satisfaction of most folks posting in these threads. And for all any of us can know, you might be a valuable target to some exceedingly well-funded adversary—the sorts of individual exploits used here are worth millions of dollars, and are targeted; not deployed with profligacy.

Dmgator wrote:

Same here! They tell me it's impossible and I'm basically crazy. Many vulnerabilities they do not want broadcast.

This thread is about the Trust Store, and that’s a fundamental part of iOS, distributed authentication, and secure networking. Most any modern computing platform has an equivalent trust store, as well.

An iPhone that has actually been exploited is far beyond the assistance that can be offered around here.

Not past what has been suggested in many previous replies around the community (factory reset, unique and robust passwords, security keys, maybe lockdown mode, etc), and for cases detected by Apple in Apple Support articles including: About Apple threat notifications and protecting against mercenary spyware - Apple Support

Nobody here has the access to rummage through your device, nor through the device-security-relevant parts of your life.

No one can prove a device was not or is not or cannot be exploited. Not to the satisfaction of most folks posting in these threads. And for all any of us can know, you might be a valuable target to some exceedingly well-funded adversary—the sorts of individual exploits used here are worth millions of dollars (each), and based in all available evidence are targeted; are not utilized and not deployed widely.

As for broadcasting vulnerabilities, neither Apple nor security researchers are inclined to provide details of vulnerabilities that might then lead to cause widespread exploitation of an existing vulnerability, pending remediation.

I too have this cert. So nobody has an explanation of where it came from and the legitimacy of the cert?

I can tell you I’m 100% hacked rn. Saw my mic running in top left corner and my cam light randomly comes on. Also yesterday the hacker jammed up my “find” app toggle by graying it out. I had no choice but to restore factory settings and use an old backup. I’m pretty sure he did it via LTE which is scary. My 2 PC’s also are hacked.

I literally have tried everything and the antivirus and malware apps are worthless for these exploits. The guy is very good, super relentless, dedicated, calculating, fast, and I’d wager to say the FBI is already looking for him. I’ve spent tons of hours trying to figure it out. Pretty sure system32 folder is where it’s at in my PC’s.

I slso stumbled across a bunch of codes that tell me things about my phone that I never knew. This guy had my unanswered calls forwarded to a Miami (305) number and when I called it’s a voicemail. I was able to change his unprotected vm password to a 4 digit pass yesterday and no messages were left.

I’ve switched out my xfinity xfi router and have reset my network 5 times in 4 days to no avail. I went out and procured the top rated antivirus and malware apps) mostly trials and not one of them found my problems.

I took my phone offsite last night and restored. After he restricted my control over the find my app and another app Game Center uses I lost hope until I remembered about the DFU mode. I could restore bf that as iTunes and iCloud would say turn on the find my app and try resetting again.

So, after all this the dude is back. If you want to check out the codes to dial, search on web “2024 best iPhone codes” and it should intrigue you.

So I think he’s using a server, socket, c and remote (not MS remote) in my PC’s. I’ve gone into services on win 10 and zapped a bunch of running services and got his attention bc he would shut me down of the settings, firewall, start button, and anything else. He made my admin status look like a joke on my own PC’s. I’ve been recording hrs and hrs of footage on my PC’s and naturally he messed up a couple times. I bet both my arms Im in a spot where nothing can help me at this juncture until the mouse gets the cat. That’s my .02. It’s obvious he like lawnmower man and sitting pretty in side my network somewhere

TL;DR - I’ve been hacked and believe there’s nothing yet that can combat these exploits and it’s so frustrating!!!

[Edited by Moderator]

This thread is about the Trust Store, and that’s a fundamental part of iOS, distributed authentication, and secure networking. Most any modern computing platform has an equivalent trust store, as well.

You are reporting cross-platform exploits worth multiple millions of dollars (each), exploit tooling worth far more, and reporting a situation vastly beyond what assistance can be offered pretty much anywhere.

What you are claiming is vastly beyond what assistance can be offered pretty much anywhere, across multiple platforms and services.

Not past what has been suggested in many previous replies around the community (factory reset, unique and robust passwords, security keys, maybe lockdown mode, etc), and for cases detected by Apple in Apple Support articles including: About Apple threat notifications and protecting against mercenary spyware - Apple Support

Nobody here has the access to rummage through your device, nor through the device- and security-relevant parts of your life.