Security researchers have found a critical vulnerability in the USB-C controller of Apple’s iPhone 15 series. Thomas Roth, a prominent researcher, revealed the flaw at the 38th Chaos Communication Congress. This vulnerability, present in the ACE3 USB-C controller, allows attackers to bypass essential security measures.
How the Exploit Works
The ACE3 controller manages charging and data transfers on iPhones. Roth reverse-engineered its firmware, exposing weaknesses in its communication protocols. Using specialized tools, he demonstrated how attackers could reprogram the controller to bypass critical protections and inject malicious code. While alarming, the exploit requires physical access to the device, reducing its immediate threat level.
Serious Risks for Targeted Users
Though average users face minimal risks, high-profile individuals remain vulnerable to sophisticated attacks. If exploited, this flaw could enable untethered jailbreaks, allowing hackers to bypass restrictions permanently. These jailbreaks could create firmware-level vulnerabilities that persist even after system updates.
Apple’s Response and Protective Measures
Apple has yet to address the issue or announce solutions. Experts advise users to secure their devices physically and avoid unverified accessories to reduce risks. Maintaining careful control over charging and data connections is also critical to staying protected.
