Nicolás Alvarez

In response to the DarkSword vulnerabilities, Apple released backported security fixes for several iOS versions. They also started sending push notifications to get users to update:

"Critical Security Update Needed: Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone."

How does this notification work? Did they foresee the need to send security alerts and build that capability into iOS years ago? After days of capturing my iPhone 7 network traffic while waiting to get the alert, I finally got it.

Turns out they send a push notification targeted at itunesstored, with identifier com.apple.AMSFollowUpIdentifier.Billing. AMS means Apple Media Services. That sounds like it's the kind of alert they send for "your card was declined when charging your monthly Apple Music subscription".

This notification mechanism is flexible enough that they can set the text to "Critical Security Update Needed" and the link target to prefs:root=General&path=SOFTWARE_UPDATE_LINK so it takes you to the Software Updates screen. That's a clever hack... but man, it's a hack.

Apr 2 at 6:36pmWeb
Show threadNicolás Alvarez2d ago
Oh and I got the alert in Spanish despite this particular device being set to English. Probably it used the language settings of my iTunes account.
Show threadNicolás Alvarez2d ago
But yeah basically...
Show thread65GHz 🇵🇸2d ago
@nicolas17 great catch and man, you're an absolute nerd 😄
Show threadSigma6h ago
@nicolas17 I think they also used that one a few years back when they notified people they suspected to be targeted by Pegasus.