Apple devices have long been seen as safer from cyberattacks compared to Windows PCs and Android devices. But that era is fading as Apple’s growing popularity makes its ecosystem a prime target for hackers. A recent breakthrough hack of the iPhone 15’s custom ACE3 USB-C controller highlights a broader trend: Macs are no longer flying under the hacker radar.
At the 38th Chaos Communication Congress (38C3) in Hamburg, Germany, security researcher Thomas Roth, known as stacksmashing, demonstrated how he exploited the ACE3 USB-C controller to achieve code execution. This hardware component, first introduced with the iPhone 15 series, manages power delivery and internal device communication. Roth used techniques like reverse engineering and electromagnetic fault-injection to unlock the controller’s firmware.
While Apple devices remain more secure than many alternatives, Roth’s research shows how persistent hackers can uncover vulnerabilities even in custom hardware. He emphasized that this hack lays the foundation for future discoveries. “By showing how one can get code execution and dump the firmware of the ACE3, it essentially lays the groundwork for further research,” Roth said. The concern is that bad actors could now leverage these findings to identify new exploits.
Why Hackers Are Targeting Macs More Often
Historically, Macs were less appealing to hackers due to their smaller market share and closed ecosystem. But the iPhone’s success has changed that equation. Apple’s devices are now central to both personal and business use, making them more attractive targets.
Recent attacks have shown a clear uptick in Mac-specific malware. North Korean hackers have reportedly developed custom malware targeting macOS. In addition, Safari users have been warned about credential-stealing attacks that exploit browser vulnerabilities. These incidents signal that Apple users can no longer rely on obscurity as a defense.
Apple’s Response to Security Risks
Roth reported his findings to Apple, but the company’s response has been measured. For a previous ACE2 vulnerability, Apple initially committed to fixing it but later decided it was a hardware issue that wouldn’t be addressed. Regarding the ACE3 hack, Apple acknowledged the attack’s complexity but didn’t view it as an immediate threat.
Apple’s stance highlights a broader challenge in cybersecurity: balancing security updates with practical risk assessment. However, Roth’s research shows that even foundational components like the USB-C controller can be vulnerable to sophisticated attacks. These insights raise concerns about what other hidden vulnerabilities might exist within Apple’s ecosystem.
The Bigger Picture: Apple’s Growing Exposure
As Apple’s market share grows, hackers are taking notice. The days when Macs were largely ignored by cybercriminals are over. Apple’s increasing dominance in personal computing and enterprise solutions has made it a valuable target.
The iPhone USB-C hack is a clear sign that hackers are evolving their tactics. Moving forward, Apple will need to prioritize proactive security measures to protect its users. The myth of Mac invincibility is fading fast, and persistent attackers are proving that no device is completely secure. Apple’s challenge now is to stay one step ahead of these evolving threats.