I get a pop-up window asking "Do you want to download "occ" in my Safari browser

I am on iPhone 14 release 17.6.1 and started getting the occ download message this past week. I hadn’t updated anything since 17.6.1 update became available.

EbonyB… thanks for running with this. You’re the bestest!

I am in Canada and started getting this same thing a few days ago. It’s super annoying and cannot understand why Apple is not dealing with this considering their products cost a lot of money. I am getting this on news sites and am using an iPad Air.

This is a very helpful response, a concise synopsis of what’s being reported by the community.

And it’s also reassuring, particularly that last part about how executable files cannot be downloaded to iPhones.

Thank you.

Just to be safe, it’s an unknown thing. I do most of my work on the iPad Pro. I didn’t click it, but it’s really easy to accidentally do it when your using a mouse. And to be honest I have to update my iPad anyways. But would it work? I’m going to stay off random news sites for now.

Hi guys. I think I have a clue here. A fez days ago I activated private relay in iCloud configuration. After this the popup start showing here. I think there some issues relates to ads. I deactivated this option and popup stop here.

Please check this.

I was getting this pop-up for the past two days. Now I am getting a new pop-up asking “Do you want to download sync?” I have never seen either of these pop-ups before. They always occur when reading online news.

Try loading an ad blocker, and adjust its settings to both allow you into the intended website, and to block this occ download request.

Looking into this occ topic again, a newspaper website had a discussion (with no more details than anybody else has about this), and that webpage itself amusingly served up the occ download.

I’d expect this is some rubbish being served from an ad network somewhere.

Ad networks are too often flaming security trash-fires, unfortunately.

Try an ad blocker.

Guitartrooper wrote:

But I still would like to know the root cause.

Yahoo screwed up somewhere within their data collection / tracking / analytics implementation, as a guess.

I’d doubt we’ll ever see an announcement or post mortem review published, whatever the source was.

Don’t make the mistake of assuming that this web stuff is simple, that it’s all served from one server, or that two people will receive even remotely the same data served to them, too.

Bewildered133 wrote:

Hello. Apple. Is anyone there?

Nope, this is a user to user site. If you want to contact Apple directly then follow up with this link:

Contact Apple for support and service - Apple Support

Bill Bradford wrote:

Mac Jim ID wrote:

There is no executable that you can download no matter if there is a prompt for it or not. You will not be installing Malware on the iPhone or iPad.

Do you have any external citations to support this belief?

Among other details, iPhone apps are code-signed, which constraints which apps can run.

Side-loading is a means to bypass the app store code-signing process, and is used by developers to test apps, but that side-loading requires specific steps to enable execution.

Apple that bypass all of iOS security including code-signing are rare, exceedingly expensive, variously complex, and — based on available evidence — the usage of these exploits has been targeted.

Rare? I’ve seen reported (but have yet to confirm) that no (public) kernel exploits have been found in iOS 17. (Older hardware gear with A11 and earlier has exploits.)

Not cheap? Exploit offers can be millions of dollars, for the exploit itself.

Complex? The weird machine that NSO used to target iOS versions prior to 14.8 is exceedingly clever:

https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Targeted? Senior in government or private, with access to great wealth, with access to sensitive or classified data, political dissidents, investigative journalist, those associated with militaries involved in conflicts or espionage, in business or personal relationships with or serving as an annoyance to exceedingly wealthy folks? That seme like you? Maybe get some more specific help?

As for occ stuff, this isn’t the first time some ad network has tried offering something weird. See if an ad blocker blocks this, or block traffic to *.analytics.yahoo.com if thenad blocker allows that.

If you’re particularly concerned or a potential target, I’d suggest getting newer hardware, and getting specific assistance with your security, and potentially enabling features such as Lockdown Mode.

Related: About Apple threat notifications and protecting against mercenary spyware - Apple Support

I’m having the same issue or very similar..

On iPad under 17.6.1 when I visit some news sites, I’m getting spontaneously redirected to a page inviting me to open or download OCC.

Got the message again but was in different format. It showed that the “occ” file comes from “ups.analytics.yahoo.com”. This was using the Firebird search engine.

I got it looking at msnbc website. I’m going to avoid news sites for the time being.

I too have been getting it over the past few days on my iPhone 13 IOS 17.6.1.