© 2025 Groups.io

Re: suspicious stuff on iphone

 

On Feb 16, 2025, at 8:20 AM, tim meidroth via groups.io <timmeidroth@...> wrote:

> my use of "clearly" malicious and "clearly" not from apple were conclusions made in haste because sometimes suspicious-looking things turn out to be innocuous...i think this probably is the case here,

I appreciate that you were worried about what you saw, but you might want to be careful about posting such absolute conclusions.

I’ve never heard of *ANYONE* encountering *ANYTHING* that was truly malicious on an iPhone. The worst that I’ve heard of is someone getting an advertisement on their iPhone (offered up by either a Web site or as part of a game with ads) that looked like it was an alert that you had been infected with something. Even that, in and of itself, couldn’t actually do anything malicious. It could only try to scare you into calling a phone number or volitionally buying software that you didn’t need and really didn’t want.

I’m on one Apple product discussion forum with well over a quarter million subscribers. It’s been around for as long as the iPhone has. There isn’t a single legitimate post on that list of anyone being hit by any sort of iPhone malware.

Every single program on the iPhone is sandboxed. No software, no matter how malicious, even if it somehow got onto your iPhone, can access, change, or even scan your OS, or other software on your phone. Your iPhone is pretty much locked down, unless you do something that I’m sure that you don’t even have a clue how to do, like jailbreak your phone. Your Macintosh is a really really safe computer. Your iPhone is a level or two even safer than your Macintosh.

I’d say that whatever you might encounter on your iPhone that you don’t understand, your first thought shouldn’t be that it is malware. Your iPhone is that safe.

***As an interesting side note, I’m occasionally asked if it is a wise idea to purchase anti-virus software for the iPhone “just to be safe.” My answer is that *ALL* anti-virus software for the iPhone is a scam, and you shouldn’t throw your money away on it. How can I make such a blanket statement? Well, unless you live in the EU, you can only download software for your iPhone from the App Store. Apple vets all software allowed in the App Store. Apple requires that all software be sandboxed. That means that any anti-virus software that you purchase from the App Store is absolutely *INCAPABLE* of scanning your iPhone for malware. In other words, it’s impossible to meet Apple’s guidelines for software and create a functional anti-virus program. So all such programs are worthless, and a scam.

Folks who live in the EU have iPhones that have access to purchase software from other sources than the App Store. But if you value your iPhone’s security, you shouldn’t. Having all of your software meet Apple’s guidelines, and be vetted by Apple, is invaluable as far as security goes. (It’s a bit different for the Macintosh, and we can discuss that if anyone wants to.)

__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________


Re: suspicious stuff on iphone

 

randy,
the fact that i could not get the message off the screen short of turning off the phone made me think it was malicious and not from apple...yes, i've seen many times an apple device asking me to agree to terms but this message seemed different, kind of in the category of things we who have used computers and iphones for many years instinctively recognize as suspicious or at least worthy of inquiry, especially in this group, where despite my use of technology daily since the 1980s (when things were FAR less complicated!) i often feel like a 6th grade student among seniors in high school...(and i appreciate that...it's like playing golf with better golfers makes you a better golfer)...my use of "clearly" malicious and "clearly" not from apple were conclusions made in haste because sometimes suspicious-looking things turn out to be innocuous...i think this probably is the case here, since fellow-member bev made me aware of the icloud message, which has a bug that sometimes prompts users to re-agree to terms...i did no online research about the message because in this case my bewilderment was such that i felt i would get quality information more quickly in this group rather than try to research it myself ---- largely because i made the mistake of not using another iphone to take screenshots of the message....i'm glad you mentioned "zero day" attack...i didn't know what that was until recently when i watched "Zero Days," a 2016 documentary film by Alex Gibney...it's streaming free on tubi...i highly recommend it.

On Sun, Feb 16, 2025 at 5:44 AM Randy B. Singer via <randy=[email protected]> wrote:


> On Feb 15, 2025, at 9:56 AM, tim meidroth via <timmeidroth=[email protected]> wrote:
>
> ...unless i’m missing something, this message clearly was malicious and certainly not from apple

What am *I* missing?

What makes the message you saw “clearly not from Apple”?
Just the fact that you’ve never seen it before? You’ve never seen an Apple device ask for you to agree to Apple’s terms?

What indicates that the message was “clearly malicious.”?
What was the malicious thing that you saw it do? Or what online reference can you cite that says that there is something malicious that such a message leads to?

Unless we are talking about a zero day attack, all malware for iOS is known. Did you try doing a Google search to see if this is a known attack?

__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________










Re: suspicious stuff on iphone

 

no, it is not on the latest version of ios

On Sat, Feb 15, 2025 at 4:48 PM Bev in TX via <countryone77=[email protected]> wrote:

The article mentions an iOS bug that prompts the user to do it again. Is your wife's phone at the latest iOS version?

On Feb 15, 2025, at 1:06 PM, tim meidroth via <timmeidroth=[email protected]> wrote:

thanks, bev....i watched the FAQ video in that article and it shows what looks like the message we saw....however, i can't find < settings apple ID suggestions (as shown here from the video) on either of the two iphones in our home...also, both our phones show icloud successfully did a backup on 2-13, which suggests icloud is working properly on both.

Screen Shot 2025-02-15 at 12.48.03 PM.png


On Sat, Feb 15, 2025 at 12:27 PM Bev in TX via <countryone77=[email protected]> wrote:

This is the only recent thing that I've heard about Apple's terms of service:

--
Bev in TX


Re: suspicious stuff on iphone

 

i don't know...i suppose it could have been, although i don't know how or whether you can turn off notifications from apple.

On Sat, Feb 15, 2025 at 4:34 PM Brent via <whodo678=[email protected]> wrote:
Could it have been a push notification thru the browser used on that phone?

Brent



Re: suspicious stuff on iphone

 

On Feb 15, 2025, at 9:56 AM, tim meidroth via groups.io <timmeidroth@...> wrote:

> ...unless i’m missing something, this message clearly was malicious and certainly not from apple

What am *I* missing?

What makes the message you saw “clearly not from Apple”?
Just the fact that you’ve never seen it before? You’ve never seen an Apple device ask for you to agree to Apple’s terms?

What indicates that the message was “clearly malicious.”?
What was the malicious thing that you saw it do? Or what online reference can you cite that says that there is something malicious that such a message leads to?

Unless we are talking about a zero day attack, all malware for iOS is known. Did you try doing a Google search to see if this is a known attack?

__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________


Re: suspicious stuff on iphone

 



The article mentions an iOS bug that prompts the user to do it again. Is your wife's phone at the latest iOS version?

On Feb 15, 2025, at 1:06 PM, tim meidroth via groups.io <timmeidroth@...> wrote:

thanks, bev....i watched the FAQ video in that article and it shows what looks like the message we saw....however, i can't find < settings apple ID suggestions (as shown here from the video) on either of the two iphones in our home...also, both our phones show icloud successfully did a backup on 2-13, which suggests icloud is working properly on both.




On Sat, Feb 15, 2025 at 12:27 PM Bev in TX via <countryone77=[email protected]> wrote:

This is the only recent thing that I've heard about Apple's terms of service:

--
Bev in TX


Re: suspicious stuff on iphone

 


Could it have been a push notification thru the browser used on that phone?

Brent

On my iPhone Xr

On Feb 15, 2025, at 09:56, tim meidroth via groups.io <timmeidroth@...> wrote:

jim robertson’s recent post about whether to open a suspicious pdf file in imessages prompted me to share a recent oddity on one of our two household iphones, a his and a hers, both iphone13 pro max … after logging on, at some point her phone suddenly displayed a multi-page message purportedly from apple describing numerous changes to terms of service with regard to updates…at bottom there were two buttons to push — “agree” or “disagree” … she did nothing … this was neither an email nor a text and there was no way out of it except to turn off the phone, which she did… upon logging on again after a few minutes, the message did not reappear and everything was normal … later, when we logged on to him’s phone, the message did not appear… unless i’m missing something, this message clearly was malicious and certainly not from apple … i regret not taking screenshots of the message so i could show it here! … has anyone else gotten this strange/suspicious message on their iphone? or even heard of it from other users?



Re: Safe to open?

 




On Feb 15, 2025, at 3:08 PM, Brent via groups.io <whodo678@...> wrote:

> Oh, but if you saw it contained a PDF, you opened the test message.
>
> And you certainly whined about it and asked if you should open it. Check the subject line you wrote, and you opened it after three others said not to, before I added the 4th negative reply to your question.

WRONG on both counts, Brent. There IS no available decision for a user regarding an iMessage. If it arrives on your device, the text in it is readable. Also, I did NOT open the pdf attachment. Instead, I asked for advice here. I also consulted Apple Support online. From message traffic here, I received some helpful responses. First, in contrast to your unreferenced claim that, at only 19 KB, it HAD to be malicious, a report from Jim Saklad about the number of pdfs on his device(s) smaller in size than 19 KB that were perfectly harmless and useful. And, from Randy Singer, a note that it’s EXTRAORDINARILY unlikely for an iOS user to receive a pdf containing auto-executing malicious code.

Finally, of course, there was the apple.com/support article I mentioned that suggested “Quicklooking” a pdf was NOT the same as OPENING the attachment.

If any of that constitutes whining, I guess your intolerance for questions is even more prickly than I’ve suspected before.

--
Jim Robertson


Re: Safe to open?

 


Why bother? Spammers spoof the calling number, and I believe that is a pay to use service, to look up a number that is a lie, if even an active number.

Brent

On my iPhone Xr

On Feb 15, 2025, at 09:42, FrankRP via groups.io <frank@...> wrote:

On Feb 14, 2025, at 10:57 AM, jimrobertson via groups.io <jimrobertson@...> wrote:

> My morning crop of iMessages includes one from a phone number I don’t recognize in the 469 area code (DFW area) that contains a 19 KB PDF attachment but no text.
>
> Safe to open that pdf?
> --
> Jim Robertson

If you go to and type in the phone number it will tell you who owns that number, if it’s a valid number. Just keep in mind that the phone number may be spoofed and not actually go to the number shown.

Frank Parth


Re: Safe to open?

 

A lot of low level hacking relies on social engineering.

Apple products are protected by preventing vulnerable software like Java Script, Flash and executables from running. But the humans get tricked into making sensitive information.

Yes, FUD and voodoo practices do exist, just like social engineering.

Fear, lack of understanding, haste and convenience cause problems.

Brent

On my iPhone Xr

On Feb 15, 2025, at 02:52, Randy B. Singer via groups.io <randy@...> wrote:


On Feb 14, 2025, at 11:39 AM, Paul via groups.io <paul@...> wrote:

Phishing scams:
The PDF might appear legitimate but contain links that lead to fake websites designed to capture your login credentials or other sensitive data.
There is very little that a malicious Web site can do to you if you don’t volitionally give the site your information. Especially on iOS, but even on a Macintosh. Generally speaking, it’s been years since I’ve heard of a malicious Web site that was capable of a drive-by download with malicious intent on a Mac. Apple has mostly shored up all potential vulnerabilities in that regard. I’ve never heard from an iOS user who has encountered a malicious download from a Web site. I highly doubt that such a thing exists other than in the minds of self-serving malware “experts” who want to scare you.

Note that every single browser out there includes Google’s Safe Browsing. GSB is a daily updated black list of malicious Web sites. It may actually be difficult to find, and get to, a malicious Web site even if you went out looking for one. If you find one, your access to the site will almost certainly be blocked by GSB.


Malware installation:
The PDF could be embedded with executable code that automatically installs malicious software on your iPhone when opened.
iOS doesn’t run Java or Flash. The only executable code that it can run embedded in a PDF would be JavaScript. However, for this very reason, iOS will only handle a very limited subset of JavaScript. In other words, it will only run extremely innocuous commands. On top of that, whatever runs is very carefully sandboxed, so it can’t damage, or even access, other software on your iOS device. I’ve never heard a first-hand account of anyone encountering a malicious PDF on iOS. My guess is that you never will. iOS makes it difficult or impossible to create a truly malicious PDF. At the very worst, you might encounter scareware (i.e. a socially engineered message to scare you into doing something volitionally that is stupid.)


Data theft:
Malicious PDFs may be designed to harvest personal information like your contact details or financial information directly from your device.
How? I think that this is simply BS.


Ransomware attacks:
In some cases, opening a malicious PDF could trigger a ransomware attack, encrypting your data and demanding a ransom to decrypt it.
There are no ransomware attacks currently in the wild for the Macintosh or iOS. NOT…ONE. There is scareware, but that’s not a real ransomware attack. Please don’t spread fallacious FUD. It’s not nice.


__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________









Re: Safe to open?

 


Oh, but if you saw it contained a PDF, you opened the test message.

And you certainly whined about it and asked if you should open it. Check the subject line you wrote, and you opened it after three others said not to, before I added the 4th negative reply to your question.

Brent

On my iPhone Xr

On Feb 14, 2025, at 22:56, jimrobertson via groups.io <jimrobertson@...> wrote:

On Feb 14, 2025, at 11:07 PM, Brent via groups.io <whodo678@...> wrote:

> But he still k
> Missed the point and viewed it any way. It may not include malware, but it definitely was spam.
>
> And he wonders why he keeps getting more spam. Because he keeps letting them know his e-ddress and phone number are alive and active, by opening them.

Brent:

Neither of your (grammatically weird) assertions is true.

  1. A user doesn’t “open” an iMessage. It’s readable as it arrives. So, unless I had some way of preventing an iMessage from arriving on one of my devices solely because I’d never received one from that phone number previously (or even just as difficult, preventing a message from reaching me solely because it contained a pdf (which of course would prevent me from receiving MANY, MANY legitimate messages even if I COULD do so), I had no way to prevent myself from “viewing” the message.
  2. Nothing in my question to the list asserted that I had no idea why I receive so much spam.

I did not click any links in the pdf.

Here’s a direct quote from an apple.com user support page (which doesn’t lessen my concern about using Quicklook on an iMessage attachment).

--
Jim Robertson


Re: suspicious stuff on iphone

 

thanks, bev....i watched the FAQ video in that article and it shows what looks like the message we saw....however, i can't find < settings apple ID suggestions (as shown here from the video) on either of the two iphones in our home...also, both our phones show icloud successfully did a backup on 2-13, which suggests icloud is working properly on both.

Screen Shot 2025-02-15 at 12.48.03 PM.png


On Sat, Feb 15, 2025 at 12:27 PM Bev in TX via <countryone77=[email protected]> wrote:

This is the only recent thing that I've heard about Apple's terms of service:

On Feb 15, 2025, at 11:56 AM, tim meidroth via <timmeidroth=[email protected]> wrote:

jim robertson’s recent post about whether to open a suspicious pdf file in imessages prompted me to share a recent oddity on one of our two household iphones, a his and a hers, both iphone13 pro max … after logging on, at some point her phone suddenly displayed a multi-page message purportedly from apple describing numerous changes to terms of service with regard to updates…at bottom there were two buttons to push — “agree” or “disagree” … she did nothing … this was neither an email nor a text and there was no way out of it except to turn off the phone, which she did… upon logging on again after a few minutes, the message did not reappear and everything was normal … later, when we logged on to him’s phone, the message did not appear… unless i’m missing something, this message clearly was malicious and certainly not from apple … i regret not taking screenshots of the message so i could show it here! … has anyone else gotten this strange/suspicious message on their iphone? or even heard of it from other users

--
Bev in TX


Re: suspicious stuff on iphone

 



This is the only recent thing that I've heard about Apple's terms of service:

On Feb 15, 2025, at 11:56 AM, tim meidroth via groups.io <timmeidroth@...> wrote:

jim robertson’s recent post about whether to open a suspicious pdf file in imessages prompted me to share a recent oddity on one of our two household iphones, a his and a hers, both iphone13 pro max … after logging on, at some point her phone suddenly displayed a multi-page message purportedly from apple describing numerous changes to terms of service with regard to updates…at bottom there were two buttons to push — “agree” or “disagree” … she did nothing … this was neither an email nor a text and there was no way out of it except to turn off the phone, which she did… upon logging on again after a few minutes, the message did not reappear and everything was normal … later, when we logged on to him’s phone, the message did not appear… unless i’m missing something, this message clearly was malicious and certainly not from apple … i regret not taking screenshots of the message so i could show it here! … has anyone else gotten this strange/suspicious message on their iphone? or even heard of it from other users

--
Bev in TX


suspicious stuff on iphone

 

jim robertson’s recent post about whether to open a suspicious pdf file in imessages prompted me to share a recent oddity on one of our two household iphones, a his and a hers, both iphone13 pro max … after logging on, at some point her phone suddenly displayed a multi-page message purportedly from apple describing numerous changes to terms of service with regard to updates…at bottom there were two buttons to push — “agree” or “disagree” … she did nothing … this was neither an email nor a text and there was no way out of it except to turn off the phone, which she did… upon logging on again after a few minutes, the message did not reappear and everything was normal … later, when we logged on to him’s phone, the message did not appear… unless i’m missing something, this message clearly was malicious and certainly not from apple … i regret not taking screenshots of the message so i could show it here! … has anyone else gotten this strange/suspicious message on their iphone? or even heard of it from other users?


Re: Safe to open?

 




On Feb 14, 2025, at 10:57 AM, jimrobertson via groups.io <jimrobertson@...> wrote:

> My morning crop of iMessages includes one from a phone number I don’t recognize in the 469 area code (DFW area) that contains a 19 KB PDF attachment but no text.
>
> Safe to open that pdf?
> --
> Jim Robertson

If you go to and type in the phone number it will tell you who owns that number, if it’s a valid number. Just keep in mind that the phone number may be spoofed and not actually go to the number shown.

Frank Parth


Re: Safe to open?

 

On Feb 14, 2025, at 11:39 AM, Paul via groups.io <paul@...> wrote:

> Phishing scams:
> The PDF might appear legitimate but contain links that lead to fake websites designed to capture your login credentials or other sensitive data.

There is very little that a malicious Web site can do to you if you don’t volitionally give the site your information. Especially on iOS, but even on a Macintosh. Generally speaking, it’s been years since I’ve heard of a malicious Web site that was capable of a drive-by download with malicious intent on a Mac. Apple has mostly shored up all potential vulnerabilities in that regard. I’ve never heard from an iOS user who has encountered a malicious download from a Web site. I highly doubt that such a thing exists other than in the minds of self-serving malware “experts” who want to scare you.

Note that every single browser out there includes Google’s Safe Browsing. GSB is a daily updated black list of malicious Web sites. It may actually be difficult to find, and get to, a malicious Web site even if you went out looking for one. If you find one, your access to the site will almost certainly be blocked by GSB.


> Malware installation:
> The PDF could be embedded with executable code that automatically installs malicious software on your iPhone when opened.

iOS doesn’t run Java or Flash. The only executable code that it can run embedded in a PDF would be JavaScript. However, for this very reason, iOS will only handle a very limited subset of JavaScript. In other words, it will only run extremely innocuous commands. On top of that, whatever runs is very carefully sandboxed, so it can’t damage, or even access, other software on your iOS device. I’ve never heard a first-hand account of anyone encountering a malicious PDF on iOS. My guess is that you never will. iOS makes it difficult or impossible to create a truly malicious PDF. At the very worst, you might encounter scareware (i.e. a socially engineered message to scare you into doing something volitionally that is stupid.)


> Data theft:
> Malicious PDFs may be designed to harvest personal information like your contact details or financial information directly from your device.

How? I think that this is simply BS.


> Ransomware attacks:
> In some cases, opening a malicious PDF could trigger a ransomware attack, encrypting your data and demanding a ransom to decrypt it.

There are no ransomware attacks currently in the wild for the Macintosh or iOS. NOT…ONE. There is scareware, but that’s not a real ransomware attack. Please don’t spread fallacious FUD. It’s not nice.


__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________
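
Added example (not from any poster in this thread): the replies above argue over whether a PDF's size says anything about it and whether it can carry links or embedded JavaScript. A static check of the file's own structure, done without rendering it, answers that directly; the key list, the `triage_pdf` name, the `example.invalid` URL and all three sample files are constructed for illustration.

```python
import re
import zlib

# Name keys (from the PDF specification) that make a PDF more than static pages.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")
LINK_KEY = b"/URI"

_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
_URI = re.compile(rb"/URI\s*\(([^)]*)\)")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _searchable(data):
    """Return the raw bytes plus the inflated body of every Flate stream."""
    parts = [data]
    for match in _STREAM.finditer(data):
        try:
            # decompressobj tolerates the line break left before 'endstream'.
            parts.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            pass  # uncompressed stream or another filter: raw bytes are already searched
    return b"\n".join(parts)


def triage_pdf(data):
    """Static triage: which active-content and link keys does this file carry?"""
    report = {"size": len(data), "keys": {}, "uris": [], "verdict": "not-a-pdf"}
    if b"%PDF-" not in data[:1024]:
        return report
    corpus = _searchable(data)
    # Names may be written with #xx escapes (/J#53 is /JS); undo that before counting.
    names = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), corpus)
    for key in ACTIVE_KEYS + (LINK_KEY,):
        hits = re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", names)
        if hits:
            report["keys"][key.decode()] = len(hits)
    report["uris"] = [u.decode("latin-1") for u in _URI.findall(corpus)]
    if any(k.encode() in ACTIVE_KEYS for k in report["keys"]):
        report["verdict"] = "active-content"
    elif LINK_KEY.decode() in report["keys"]:
        report["verdict"] = "links-only"
    else:
        report["verdict"] = "static"
    return report


# Constructed samples (not real captures); all are far smaller than 19 KB.
SAMPLE_STATIC = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
                 b"4 0 obj << /Length 32 >>\nstream\nBT /F1 12 Tf (Invoice 1042) Tj ET\n"
                 b"endstream endobj\n%%EOF\n")
SAMPLE_LINK = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
               b"5 0 obj << /Type /Annot /Subtype /Link "
               b"/A << /S /URI /URI (https://example.invalid/login) >> >> endobj\n%%EOF\n")
# The third sample hides its keys inside a compressed object stream, with one name escaped.
_HIDDEN = b"<< /Type /Catalog /OpenAction << /S /JavaScript /J#53 (placeholder) >> >>"
SAMPLE_ACTIVE = (b"%PDF-1.5\n7 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
                 + zlib.compress(_HIDDEN) + b"\nendstream endobj\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in (("static", SAMPLE_STATIC), ("link", SAMPLE_LINK),
                       ("active", SAMPLE_ACTIVE)):
        print(name, triage_pdf(blob))
```

A `static` or `links-only` result describes the document's declared structure only; encrypted files and stream filters other than Flate are not inflated here.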


Re: Safe to open?

 




On Feb 14, 2025, at 11:07 PM, Brent via groups.io <whodo678@...> wrote:

> But he still k
> Missed the point and viewed it any way. It may not include malware, but it definitely was spam.
>
> And he wonders why he keeps getting more spam. Because he keeps letting them know his e-ddress and phone number are alive and active, by opening them.

Brent:

Neither of your (grammatically weird) assertions is true.

  1. A user doesn’t “open” an iMessage. It’s readable as it arrives. So, unless I had some way of preventing an iMessage from arriving on one of my devices solely because I’d never received one from that phone number previously (or even just as difficult, preventing a message from reaching me solely because it contained a pdf (which of course would prevent me from receiving MANY, MANY legitimate messages even if I COULD do so), I had no way to prevent myself from “viewing” the message.
  2. Nothing in my question to the list asserted that I had no idea why I receive so much spam.

I did not click any links in the pdf.

Here’s a direct quote from an apple.com user support page (which doesn’t lessen my concern about using Quicklook on an iMessage attachment).

--
Jim Robertson


Re: Safe to open?

 


19 KiloBytes? Ok.

But he still k
Missed the point and viewed it any way. It may not include malware, but it definitely was spam.

And he wonders why he keeps getting more spam. Because he keeps letting them know his e-ddress and phone number are alive and active, by opening them.

You can’t stop the spam or hackers, so rather than get upset, filter them out as best you can, and go radio silent on the ones that come thru, and delete them. Least amount of time and energy on your end.

Brent

On my iPhone Xr

On Feb 14, 2025, at 15:16, Jim Saklad via groups.io <jimdoc@...> wrote:

Brent wrote:
> A 19 Kb PDF, is probably not human readable, so it is malicious.

I have 35 legitimate .PDF’s on my Mac that are 19kb or smaller…

--
Jim Saklad
jimdoc@...


Re: Safe to open?

 

You are likely safe to open, and if it is the one I keep getting, it will tell you what a bad boy you are visiting all those X rated sites and if you do not send $1800 to a bitcoin account, all your contacts will be sent the data. You are also warned that the PDF is being tracked and they put a copy of the Google maps picture of your house to intimidate. Also, the email is not trackable. It is entertaining, though.
Mike


Re: Safe to open?

 


Brent wrote:
> A 19 Kb PDF, is probably not human readable, so it is malicious.

I have 35 legitimate .PDF’s on my Mac that are 19kb or smaller…

--
Jim Saklad
jimdoc@...