Certificate Trust Settings 18.0

That you might have a new iPhone is irrelevant. The trust store is part of the operating system, and the contents of the trust store are (in longstanding practice) common across iPhone, iPad, and Mac.

Apple updates the contents of the trust store when necessary. Not on any particular schedule. If a certificate authority vendor has not been added or removed, and if existing root certificates need no changes, then there is no need to alter and re-publish and re-ship the trust store.

When an update to the trust store is needed, the trust store update then ships with the next associated operating system releases, and continues to be part of subsequent releases until the next trust store update.

2024051501 is the current trust store for iOS 18.3.2, iPadOS 18.3.2, and macOS 15.3.2.

An not-always-current history of trust stores: Available root certificates for Apple operating systems - Apple Support

Here are the certificates associated with the 2024040500 trust store (00, not 01), directly from what Apple uses to build the trust store:

https://github.com/apple-oss-distributions/security_certificates/tree/security_certificates-55297.120.3

Here is the asset version showing the 2024040500 asset version number (note: this is the base build 00, not 01, and I’m not going to go hunt around for the link to the 01 build right now):

https://github.com/apple-oss-distributions/security_certificates/blob/security_certificates-55297.120.3/config/AssetVersion.plist

Here is the path to the referenced GitHub source code directly available from and documented on the main Apple website:

https://opensource.apple.com/releases/

Per Apple: “The trust store version is a number in the format YYYYMMDDNN, where YYYY is the year, MM is the month, DD is the day, and NN is the build number. By convention, NN=00 for base builds that will ship with an OS release, and a non-zero value for asset builds that ship as a standalone update. For example, 2015011900 indicates the trust store contents were changed on 19 Jan 2015, and this is a base build. If the trust store is being produced as a standalone update, this could be 2015011901 instead.”

@MrHoffman if I’m understanding you correctly, and as stated by Apple, “2024051501 is the current trust store for iOS 18.3.2, iPadOS 18.3.2, and macOS 15.3.2.”

Then 2024051501 should also be the current trust store for iOS 18.4 which was released 03/31/25.

So should I be concerned in way at all given that both my iPhone 13 Pro & 14 Pro Max are showing 2025022600 as the current trust store for iOS 18.4? It was showing as current trust store for the former iOS 18.3.2 on both devices as well.

(No I have not nor have I ever installed any CA of my own, configuration profiles or VPNS on either of my iPhones, nor am I using iOS Beta- I’m not tech savvy enough for that migraine)

iPhone 14 Pro Max

iPhone 13 Pro

@MrHoffman Thank you SO MUCH for posting this info!!! I have been searching for better STATIC documentation or resources for weeks/months on apple support and dev sites, but this GitHub tree will do wonders :) since nearly everything has a manual page.

Planning to create an easy script to run on archaic hardware (or FOR the archaic hardware, on newer to compile included necessary resources from online, burn to disk along with script, then open ON archaic hardware) which will progressively update the MacOS (and iOS) Security Certificate Trust Store, and any other specified Program Tag(s) to bring a system up to operable to present years. But this plan may still crash and burn as most do, so here's to plans though!! :) Thank you so very much for providing the links for this.

Dré274 wrote:

@MrHoffman if I’m understanding you correctly, and as stated by Apple, “2024051501 is the current trust store for iOS 18.3.2, iPadOS 18.3.2, and macOS 15.3.2.”

Then 2024051501 should also be the current trust store for iOS 18.4 which was released 03/31/25.

So should I be concerned in way at all given that both my iPhone 13 Pro & 14 Pro Max are showing 2025022600 as the current trust store for iOS 18.4? It was showing as current trust store for the former iOS 18.3.2 on both devices as well.

First, some background on the general concerns that can arise here:

No malware and no hacker would intentionally change the trust store version number, and if any malware has write access to iOS or iPadOS or macOS — access which would inherently be necessary to add, modify, or remove trust store contents — there are better targets for those modifications.

If the trust store version number were not a legitimate change, that version number difference would be a red flag, and an indication of compromise.

If you happen to believe you might be or are the target of exploits or malware that could make changes to iOS or iPadOS or macOS itself including changes to the trust store and to its displayed version, then y’all are also far outside the scope of what anybody here can assist with. These exploits are immensely expensive, and are targeted, based on available information.

If you are a political dissident, investigate journalist, with access to military or sensitive or classified data, with access to great wealth, senior in private or government entities, or other analogous roles or access, have deeply peeved some immensely-well-funded adversary, you may be at risk, and will want to review your security, and where and how your sensitive data is stored, accessed, and protected.

For this case:

No, you need not be concerned, as Apple revised the trust store since that reply of mine was posted back in mid March.

I’ve created a user tip for this topic, as old postings can’t be revised and updated, and user tips can be revised:

• Certificate Trust Store on iPhone, iPad, Mac - Apple Community