mebehere

macrumors 6502a
Original poster
Sep 21, 2012
591
335
I just updated to 13.4 and I don’t know if this was there before or not.

When I go to Settings > General > About > Certificate Trust Settings, I see...

Trust Store Version 2020020700
Trust Asset Version 7

Is this normal?

Thanks.
 
  • Like
Reactions: Bird en

Sllew777

macrumors newbie
Nov 10, 2020
1
0
I have iOS 14.2 RN, my trusted asset version is 9. I contacted Apple when I first noticed the “Trust Asset Version 7” on another device approx 1 yr ago. After being transferred, on hold etc. for a while the “senior” advisor attempted to locate any info on the subject.

I was told the Asset version has to do with a new internal rating for Apple Pay/wallet calculating the likelihood of fraud to occur on the device. My carrier Sprint was dumbfounded when I asked them. They thought it was something to do with the finance industry “asset”. So honestly who knows! I had pretty bad issues with my XS Max in 2018 regarding very strange certificates (SSL/TLS) and APN ( push cert) that was never resolved so I don’t bother asking Apple anymore or writing on the Apple forum because NO ONE COULD EVER HACK AN IPHONE! right- lol
I scour the Internet/ Dev areas usually.
Best regards!
 

Bird en

macrumors newbie
Feb 7, 2021
2
0
Bro i started on 7 years ago now im a TAv12 lol and been researching since 7. I can confirm that this is NOTHING NICE. the troubles i have had to go thru with apple and even phone carrier who was forcing certs on me both refuse to answer my questions or remove the certificates that they forced on after i purchased it. I am still fighting them on it 2 years later and may have to take it to court with the substancial proof i have and other victims. Look in ur analytic data and copy paste a full page of one of them to ur notes then click find in page and type "pegasus" i want to see how many of yall have that nastyness forced into ur device as well like i do. Never be quiet we need more to stand up because the ppl who mock us who may even know way more about tech than us couldnt be anymore wrong and i have had confirmation in various forms about this issue and how bad they are trying to hide and ignore it. If it was so normal why is it so hard to find documentation by apple on it? Why wont they answer on phone bout it.? Why doesnt anyone know like actually know lots about it? But we all can find out when the last time our phones passed gas or how many minutes our sex lives contain a day/ heart beat? Come one...
-bird
 

Dragonfly3015

macrumors newbie
May 9, 2021
3
0
My phone shows “trust asset version 11.” I’ve bought many new phones since 2012 bc they have been compromised, but it keeps on happening to me. I know who is goi g this, but I don’t know how to make it stop. I would be thrilled to join a lawsuit with others. Please contact me, but keep in mind you may need to try several times, as I have no “safe” device to ensure your attempt won’t be twarted.
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
Not sure why everyone is freaking out about this? This is a trusted root certificate store. Every OS has some implementation of this. This allows the OS to communicate securely to SSL enabled websites.

There’s even a link on that settings page explaining this

 
  • Like
Reactions: !!! and BigMcGuire

Dragonfly3015

macrumors newbie
May 9, 2021
3
0
I understand what the Trust Store does. I don’t understand what is meant by “Trust Asset Version .” I have a generic understanding of what Secure Socket Layer is. I can’t find anything that explains what “TRUST ASSET VERSION” means, and why many people don’t have one listed in their iPhone. Trust Store, I get. I would really like an explanation of TRUST ASSET VERSION, please.

THANKS!!
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
I understand what the Trust Store does. I don’t understand what is meant by “Trust Asset Version .” I have a generic understanding of what Secure Socket Layer is. I can’t find anything that explains what “TRUST ASSET VERSION” means, and why many people don’t have one listed in their iPhone. Trust Store, I get. I would really like an explanation of TRUST ASSET VERSION, please.

THANKS!!
This is on everyone’s phone. So many things wouldn’t work without it. The version number is just that. Certificates are periodically updated or removed so they create a new version of the bundle of certificates.
 

Dragonfly3015

macrumors newbie
May 9, 2021
3
0
This is on everyone’s phone. So many things wouldn’t work without it. The version number is just that. Certificates are periodically updated or removed so they create a new version of the bundle of certificates.
Thank you very much for differentiating between the two separate yet interrelated entities. I follow and understand your explanation, all up to one little part...not all iPhones have a “TRUST ASSET VERSION.” Unfortunately, that’s what leaves me still unsettled. I mean no disrespect toward you at all. Either way, thx for responding. :)
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
Thank you very much for differentiating between the two separate yet interrelated entities. I follow and understand your explanation, all up to one little part...not all iPhones have a “TRUST ASSET VERSION.” Unfortunately, that’s what leaves me still unsettled. I mean no disrespect toward you at all. Either way, thx for responding. :)
I have never seen an iPhone or iPad without it. Can you provide a screenshot of one without it?
 

igottashrug

macrumors newbie
Jun 23, 2021
3
0
Los Angeles, CA
Hi everyone. This is my first post but I have been lurking and learning for a long time. I’m happy to provide that screenshot and some additional information I’ve learned in the 2 years of hell I’ve been through since my small business was a victim of a cyberattack (August 2019). Eventually all of my devices became infected and like the stories I’ve read here and elsewhere, I’ve had to replace key devices multiple times.

During the 2 years since the attack I have documented MANY (as in >25 to be conservative) iOS attack-related behaviors (Windows too many to count but definitely > 100) that I was able to isolated specifically to Apple-delivered applications (accessibility settings, Games, Screen Time, Mail, iCloud, Files, to name a few) by capturing this behavior on a device that contained only factory-installed Apple apps.

I’ve also searched as many forums as I could find for postings describing behaviors like the ones I’ve been trying to mitigate and every time I would find one it would be followed by derogatory, degrading and judgements comments to or about the OP. So I have stayed silent until now. I am only now coming forward because Apple’s multiple zero-day WebKit bug fixes released since the beginning of the year have eliminated most of my issues.

Needless to say I am beyond elated to have control back over my devices, but unfortunately am having to work through a lot of unexpected, I guess one would call it, PTSD. Like explained in posts by others, I have experienced almost two years of near-constant phone intrusions (eavesdropping and dropped calls), observation (pics taken of me when I was alone and before I covered all lenses), rogue certificates, hijacked files that were hidden and when found unable to be deleted (type a space in the Files app search field), lost clients and personal relationships, interactive screen “battles” with the bad actor over files and screen time settings, and on and on. So please don’t dismiss these claims as baseless because I assure you I have been extremely thorough in documenting everything I mention in this post.

A few other facts:

1) the appearance of Asset Trust Version 8 was one of the consistent indicators that my device had become infected either after purchasing the device or after a complete wipe via DFU. The second consistent indicator was the appearance of rogue certificates not linked to a profile that i could only find by starting to create a VPN connection via certificates (the Cisco choice) and viewing available certificates by clicking on the certificate field. This was on a device that had no VPN app nor any profiles displayed.

2) In the initial download and upgrade to iOS 13, I saw that the option to select Cisco VPN certificates was no longer possible - which makes sense since I did not have a Cisco VPN installed past or present. And voila, Asset Trust Version xx now appeared on everyone’s iOS devices. Prior to that the field was not present on my devices (as shown on my screen print) until the device was compromised. So for a year my two consistent indicators that my device was infected was removed with the upgrade to iOS 13. Unfortunately the problems seemingly tied to those two indicators did not disappear.

3) I’ve reported these and many other issues to Apple but either the tickets were closed without resolution or notifying me, or I would be given false or misleading information such as was with the 3 or 4 times I called about Asset Trust Version 8.

4) My devices were always updated the day an update was available.

I hope that others in the seemingly small group who have reported these intrusions have also found peace and privacy after applying the 14.x security updates for the Apple (pseudo-admitted) zero-day iOS and MacOS bugs.
 

Attachments

  • 3172DC63-C105-41CE-8EC4-C7911E807997.png
    3172DC63-C105-41CE-8EC4-C7911E807997.png
    1.5 MB · Views: 44

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
Hi everyone. This is my first post but I have been lurking and learning for a long time. I’m happy to provide that screenshot and some additional information I’ve learned in the 2 years of hell I’ve been through since my small business was a victim of a cyberattack (August 2019). Eventually all of my devices became infected and like the stories I’ve read here and elsewhere, I’ve had to replace key devices multiple times.

During the 2 years since the attack I have documented MANY (as in >25 to be conservative) iOS attack-related behaviors (Windows too many to count but definitely > 100) that I was able to isolated specifically to Apple-delivered applications (accessibility settings, Games, Screen Time, Mail, iCloud, Files, to name a few) by capturing this behavior on a device that contained only factory-installed Apple apps.

I’ve also searched as many forums as I could find for postings describing behaviors like the ones I’ve been trying to mitigate and every time I would find one it would be followed by derogatory, degrading and judgements comments to or about the OP. So I have stayed silent until now. I am only now coming forward because Apple’s multiple zero-day WebKit bug fixes released since the beginning of the year have eliminated most of my issues.

Needless to say I am beyond elated to have control back over my devices, but unfortunately am having to work through a lot of unexpected, I guess one would call it, PTSD. Like explained in posts by others, I have experienced almost two years of near-constant phone intrusions (eavesdropping and dropped calls), observation (pics taken of me when I was alone and before I covered all lenses), rogue certificates, hijacked files that were hidden and when found unable to be deleted (type a space in the Files app search field), lost clients and personal relationships, interactive screen “battles” with the bad actor over files and screen time settings, and on and on. So please don’t dismiss these claims as baseless because I assure you I have been extremely thorough in documenting everything I mention in this post.

A few other facts:

1) the appearance of Asset Trust Version 8 was one of the consistent indicators that my device had become infected either after purchasing the device or after a complete wipe via DFU. The second consistent indicator was the appearance of rogue certificates not linked to a profile that i could only find by starting to create a VPN connection via certificates (the Cisco choice) and viewing available certificates by clicking on the certificate field. This was on a device that had no VPN app nor any profiles displayed.

2) In the initial download and upgrade to iOS 13, I saw that the option to select Cisco VPN certificates was no longer possible - which makes sense since I did not have a Cisco VPN installed past or present. And voila, Asset Trust Version xx now appeared on everyone’s iOS devices. Prior to that the field was not present on my devices (as shown on my screen print) until the device was compromised. So for a year my two consistent indicators that my device was infected was removed with the upgrade to iOS 13. Unfortunately the problems seemingly tied to those two indicators did not disappear.

3) I’ve reported these and many other issues to Apple but either the tickets were closed without resolution or notifying me, or I would be given false or misleading information such as was with the 3 or 4 times I called about Asset Trust Version 8.

4) My devices were always updated the day an update was available.

I hope that others in the seemingly small group who have reported these intrusions have also found peace and privacy after applying the 14.x security updates for the Apple (pseudo-admitted) zero-day iOS and MacOS bugs.
Trust Store Version and Trust Asset Version are the exact same thing. They just broke the version information down a little more some time after iOS 12. See the screenshots. One is from iOS 12 and one is from iOS 14. Again, this has nothing to do with being infected with anything. It's part of the OS.
IMG_0001.PNG IMG_BA09A94401DD-1.jpeg
 
Last edited:

igottashrug

macrumors newbie
Jun 23, 2021
3
0
Los Angeles, CA
I’m not going to pretend to know what these fields mean, but I can say with assurance that prior to iOS 13 (my screen print was from an UNcompromised iPad Air 2 on the latest 12.x release) after checking with many other people, no one else had anything other than the Trust Asset Store - no Version.

Once upgraded to iOS 13, the Trust Asset Version field appeared below Trust Store on every iOS device of mine - both compromised and uncompromised - as well as those I asked who did not have it prior to iOS 13.

Again, I’m only stating my experience that prior to iOS 13 this field always appeared in conjunction with the rogue certificates (ones that didn’t start with “com.”) which would also be the day irregular behaviors began again. I witnessed this many times having factory-reset/DFU’ed my iOS devices multiple times prior to purchasing a new device. Only to see the cycle repeat on the new device within a day or two of purchase - and oftentimes never having been on Wi-Fi thinking using only cellular data might keep the device protected.

I would be very willing to accept that this is a part of iOS if a) Apple would have validated that it was legitimate and would have offered an explanation as to how it was used, or b) everyone had it in their devices prior to iOS 13.

Having spent hours researching and more hours fruitlessly trying to work with Apple, it seems only logical something is being concealed about the presence of this field prior to iOS 13 when it suddenly displayed on all updated devices.

Could someone point me toward documentation that describes the purpose of this field (prior to iOS 13) and also explain why it only appeared on some devices prior to 13? I would be very grateful and would pass it on to anyone else posting on a forum about the same concern.

However, even if documented somewhere I didn’t see, it’s always going to remain puzzling why Apple would not just have answered the question and put fears to rest for me and those who have reported similar concerns as mine.
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
Once upgraded to iOS 13, the Trust Asset Version field appeared below Trust Store on every iOS device of mine
That is because in iOS 13 they added the the Trust Asset Version field. This has nothing to do with being compromised! My job deals with security and trust me, this is just a part of the OS. Every OS has some implementation of a certificate bundle.

prior to iOS 13 this field always appeared in conjunction with the rogue certificates (ones that didn’t start with “com.”) which would also be the day irregular behaviors began again. I witnessed this many times having factory-reset/DFU’ed my iOS devices multiple times prior to purchasing a new device. Only to see the cycle repeat on the new device within a day or two of purchase - and oftentimes never having been on Wi-Fi thinking using only cellular data might keep the device protected.
No it didn’t. It appeared because it was added in iOS 13. It is not an indication of being compromised.
 
Last edited:

igottashrug

macrumors newbie
Jun 23, 2021
3
0
Los Angeles, CA
That is because in iOS 13 they added the the Trust Asset Version field. This has nothing to do with being compromised! My job deals with security and trust me, this is just a part of the OS. Every OS has some implementation of a certificate bundle.


No it didn’t. It appeared because it was added in iOS 13. It is not an indication of being compromised.
Thank you for the bold emphasis but I’ve read a reply similar to yours many times trying to discredit others who know something is amiss. You asked me to trust you. I don’t know you. I asked for proof. You provided none. i won’t be bullied or shamed as others have done with their “trust me” remarks. I would never have survived the past two years if I had listened to everyone who said “trust me” instead of doing the homework myself.

So just to be clear unless I missed something in your comment, you did not offer any documentation or reference in an SDK manual. Your emphasis on words does not intimidate me. Nor does your assertion of your field. What will get my attention in a good way is when you can move away from “trust me” (no pun intended I assume) and back up your assertions with proof as I have done with your request and will continue to do if asked.
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
Thank you for the bold emphasis but I’ve read a reply similar to yours many times trying to discredit others who know something is amiss. You asked me to trust you. I don’t know you. I asked for proof. You provided none. i won’t be bullied or shamed as others have done with their “trust me” remarks. I would never have survived the past two years if I had listened to everyone who said “trust me” instead of doing the homework myself.

So just to be clear unless I missed something in your comment, you did not offer any documentation or reference in an SDK manual. Your emphasis on words does not intimidate me. Nor does your assertion of your field. What will get my attention in a good way is when you can move away from “trust me” (no pun intended I assume) and back up your assertions with proof as I have done with your request and will continue to do if asked.
Look, I'm not saying you weren't compromised. What I am saying is you are barking up the wrong tree here. The appearance of the Trust Asset Version field does not indicate a compromise. It is supposed to be there on >=iOS13.

 

Pauloh212

macrumors newbie
Jul 4, 2021
1
0
It’s been a while I’ve noticed some unusual things on my phone. I try to make myself believe I’m just paranoid. Trust asset version 13 🤔
7B85AC37-84A2-4779-B1F3-A55CD4D0C566.png
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
That is normal and the current version.
0A9A344B-6FBA-4CB8-AF48-C6D9E97BA119.png

Anything strange you’re experiencing is unrelated to this.
 

xer010

macrumors newbie
Jul 5, 2021
2
0
I can tell you, with certainty, that a Trust Asset Version of 7 is a sure fire sign of a compromised device. I can even tell you how to get your device compromised, for the skeptics out there (if you don‘t believe me, just try it—dare you): Go to purifeye.net and sign up, download, and install. This is an internet filtering company, and they do compromise your device, but the way they do it is unknown (at least to me). Even after removing the software by resetting your device will leave the compromised trust store and show a asset version of 7. They clearly are using some sort of exploit that isn’t published.

Now, that being said, you can repair your device if you’re willing to spend some money. Here’s how: (1) On a safe computer (not yours!) download iMazing. (2) Download the .ipsw of the latest iOS from Apple (the url of the link should begin with “updates-http.cdn-Apple.com” (3) Then reinstall iOS using iMazing. Your trust store will actually be fixed, and should be 12 and soon after get an OTA update to 13, as of this post.

All these ”experts” here clearly don’t seem to understand that not every exploit is PUBLISHED or well-known. Let me put it like this: if a device has software, it CAN be hacked/exploited.

For those frustrated with Apple in this regard, they have a policy as follows:
”For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.”
ref:
hope this helps
 

Runs For Fun

macrumors demi-god
Nov 6, 2017
954
1,780
I can tell you, with certainty, that a Trust Asset Version of 7 is a sure fire sign of a compromised device. I can even tell you how to get your device compromised, for the skeptics out there (if you don‘t believe me, just try it—dare you): Go to purifeye.net and sign up, download, and install. This is an internet filtering company, and they do compromise your device, but the way they do it is unknown (at least to me). Even after removing the software by resetting your device will leave the compromised trust store and show a asset version of 7. They clearly are using some sort of exploit that isn’t published.

Now, that being said, you can repair your device if you’re willing to spend some money. Here’s how: (1) On a safe computer (not yours!) download iMazing. (2) Download the .ipsw of the latest iOS from Apple (the url of the link should begin with “updates-http.cdn-Apple.com” (3) Then reinstall iOS using iMazing. Your trust store will actually be fixed, and should be 12 and soon after get an OTA update to 13, as of this post.

All these ”experts” here clearly don’t seem to understand that not every exploit is PUBLISHED or well-known. Let me put it like this: if a device has software, it CAN be hacked/exploited.

For those frustrated with Apple in this regard, they have a policy as follows:
”For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.”
ref:
hope this helps
Purifeye is not using any exploit. From what I can tell they are installing a certificate to basically MITM your connection to provide content filtering. This certificate probably doesn’t get removed when you uninstall their software. If you install and trust someone’s certificate you need to make sure you absolutely trust them. Don’t go installing shady certificates.
 

xer010

macrumors newbie
Jul 5, 2021
2
0
Purifeye is not using any exploit. From what I can tell they are installing a certificate to basically MITM your connection to provide content filtering. This certificate probably doesn’t get removed when you uninstall their software. If you install and trust someone’s certificate you need to make sure you absolutely trust them. Don’t go installing shady certificates.
While it‘s not my style to engage in forum battles, I feel I should respond to this thread for the sake of others.

1) Yes, it is MITM attack prima facie
2) It is clearly an exploit because the damage to the certificate store survives software reset.
—a) this is not to spec for iOS devices
—b) trust ASSET version is permanently modified without complete software restore (read: this is separate and different from software reset), which is what this thread is asking about

All that aside, anyone with security concerns should follow my advice above to remedy any trust store related concerns they have.

In response to the OP and others concerned, the correct trust store info as of of 9 Jul 21 is posted at the following URL, courtesy Apple:
P.S.
Re: Purifeye; malwarebytes even identifies and quarantines the installer as a possible zero-day exploit. The disclosed certs added are bundled with the MDM profile. The exploit modifies the trust store
—And—
Not that it matters, I am an actual cyber sec ”expert” with nearly 15 years experience, and University degrees to go along with it. :)
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.