The USB-C port on Apple’s iPhone 15 and 16 is managed by a controller chip developed by Apple. According to Cyber Security News, security researchers managed to hack this proprietary chip, called ACE3. Due to security improvements, the hacking process would be much more difficult than for the older ACE2 controller, found in devices such as MacBooks.
By analyzing electromagnetic signals during the boot process, the researchers were able to determine the exact moment when the firmware is committed. Using a technique called “electromagnetic fault injection,” modified firmware can be loaded onto an iPhone and booted by the controller after bypassing Apple’s validation. Experts said this has serious implications for the security of iPhones, as a modified piece of firmware could jailbreak or even make changes to iOS, theoretically allowing malware to access sensitive data or hijack individual functions of an iPhone.
However, attackers must have physical access to the iPhone to carry out such an attack, meaning this security flaw should not pose a problem for most users. Meanwhile, the site BleepingComputer has reported new phishing attacks aimed at bypassing one of iMessage’s security features. Although Apple automatically disables links in messages from people who aren’t in Contacts, the links are activated as soon as the recipient responds. Threat actors exploit this behavior by tricking their targets into responding to messages. For example, attackers may try to convince potential victims that they can prevent further messages from being sent by sending the word “STOP.” Once the response is received, would-be criminals are free to send phishing links via iMessage. As with emails, it is not recommended to open links from sources you do not trust.
