You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

I get a pop-up window asking "Do you want to download "occ" in my Safari browser

I recently updated to iOS 18.0 a couple days ago. In my Safari web browser i get a pop-up window asking me if I want to download occ. I had this occur several times on different sites. I “x” the window closed. I have no idea what ‘occ’ is and as a precaution will not download anything that I have no clue about. see attached screen shots below.

Thanks


[Re-Titled by Moderator]

iPhone 14 Pro, iOS 18

Posted on Sep 18, 2024 9:58 AM

Reply
Question marked as Top-ranking reply

Posted on Sep 19, 2024 11:51 AM

So, I have spoken to the escalation team. They were able to see it happening real time on my device. They are bumping this up to the engineers. It hapoens on Chrome and Safari. News type sites. Post iOS 18 update.


There’s nothing that basic troubleshooting can do so PLEASE DON’T FACTORY RESET IF A SUPPORT PERSON TELLS YOU TO RIGHT NOW. 😨


They were largely unaware of the problem because I’m assume the gross majority of people did not reach out to them. (I did show them the number of folks here via screen-share).


I will be contacted on Tuesday after the engineers have taken a tinker. Hopefully they can fix it fast.


I was given a direct contact to the escalation team member in case something else pops up.


So! Until then the directive from Apple is: Do not download anything from a pop up, avoid those news sites for the time being if you can. (Don’t wanna accidentally click).


I’ll loop back Tuesday. 👋🏽

232 replies

Sep 20, 2024 8:24 AM in response to mochool

One of the posters here who spoke with Apple support, said: “They (Apple support) were largely unaware of the problem because I’m assume the gross majority of people did not reach out to them.”


A problem this widespread should have been discovered during functional and regression testing before the new software was rolled out. Apple should not be relying on users to report problems like this.

Sep 22, 2024 9:18 AM in response to mochool

Earlier I posted a comment that said Apple should test their software more thoroughly before rolling it out. When I said that, I did not consider the possibility that the prompt to download OCC is caused by a web component on the backend web server, rather than on the iOS device. So I’d like to apologize for that comment. It’s very possible software running on the web server that is common to news websites, is actually causing the problem on iOS devices running safari. Sorry Apple. But I still would like to know the root cause.

Sep 27, 2024 6:52 PM in response to mochool

Seems likes it happens with the first few links at the top of the search, not always, but always annoying. It happens with Reddit links, news, and just random stuff. It even happens if you click a link from images, I did that, got the pop up, closed it, and clicked a diff area and it actually loaded correctly, so it’s like something is in front of the place you’re clicking, i dont know, or, it one certain areas for some reason.


I also hit download one time by mistake lol, it saved to my files but it was nothing, I just deleted it.

Sep 20, 2024 4:13 PM in response to Raymo3

Raymo3 wrote:

Is Apple no longer safe from viruses and malware pop-ups? Should I move exclusively to Windows computers?

There is no executable that you can download no matter if there is a prompt for it or not. You will not be installing Malware on the iPhone or iPad.


You are free to move to a Windows computer, but sorry those protections would no longer apply to you.

Sep 20, 2024 8:40 PM in response to Bill Bradford


Mac Jim ID wrote:
There is no executable that you can download no matter if there is a prompt for it or not. You will not be installing Malware on the iPhone or iPad.

Bill Bradford wrote:
Do you have any external citations to support this belief?

  • Unlike other mobile platforms, iOS and iPadOS don’t allow users to install potentially malicious unsigned apps from websites or to run untrusted apps.
  • At runtime, code signature checks of all executable memory pages are made as pages are loaded to help ensure that an app hasn’t been modified since it was installed or last updated.
  • After an app is verified to be from an approved source, iOS and iPadOS enforce security measures designed to prevent it from compromising other apps or the rest of the system.

Intro to app security for iOS and iPadOS - Apple Support (CA)


  • After the iOS or iPadOS kernel has started, it controls which user processes and apps can be run. To help ensure that all apps come from a known and approved source and haven’t been tampered with, iOS and iPadOS require that all executable code be signed using an Apple-issued certificate.
  • Mandatory code signing extends the concept of chain of trust from the operating system to apps and helps prevent third-party apps from loading unsigned code resources or using self-modifying code.

App code signing process in iOS and iPadOS - Apple Support (CA)


  • All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device.
  • Each app has a unique home directory for its files, which is randomly assigned when the app is installed. If a third-party app needs to access information other than its own, it does so only by using services explicitly provided by iOS and iPadOS.
  • System files and resources are also shielded from the users’ apps. Most iOS and iPadOS system files and resources run as the nonprivileged user “mobile,” as do all third-party apps. The entire operating system partition is mounted as read-only. Unnecessary tools, such as remote login services, aren’t included in the system software, and APIs don’t allow apps to escalate their own privileges to modify other apps or iOS and iPadOS.
  • Further protection is provided by iOS and iPadOS using ARM’s Execute Never (XN) feature, which marks memory pages as nonexecutable.

Security of runtime process in iOS and iPadOS - Apple Support (CA)


You simply cannot download any file on the internet and run it. The System files cannot be changed as they are all Read Only. Any app that is allowed to run on the OS must be signed by Apple and Developers must be registered with Apple where the app also contains their Developer ID. Apps are sandboxed without any access outside of their Home folder.

Sep 21, 2024 5:34 AM in response to Mac Jim ID

Mac Jim ID - Thanks so much for the information.


It makes iOS sound invulnerable, but I note in a different article that "Apple's long-awaited iOS 18 refresh landed Monday with fixes for at least 33 security vulnerabilities that expose iPhones and iPads to an assortment of malicious hacker attacks." () so is it possible that anyone encountering this issue before updating to iOS 18 could be in danger?


[Edited by Moderator]

I get a pop-up window asking "Do you want to download "occ" in my Safari browser

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.