iPhone 15, 16, and 17 users are being warned about a potential security flaw in the recently released iOS 26. While intended to protect against data extraction, a default setting allows immediate data access upon USB-C connection when the device is unlocked, bypassing standard security prompts. Apple acknowledged a bug preventing some users from modifying the setting, but has not provided a fix date as of December 4, 2025.
iPhone 15, 16, and 17 users who have updated to iOS 26 are being cautioned about a potentially concerning default setting that could inadvertently expose their data.
The recently released iOS 26, which arrived in September, includes a security feature designed to prevent data extraction via USB-C ports. However, Apple has configured the default setting to “Allow Automatic Connection When Unlocked.” This means that if an iPhone is unlocked and a cable is connected – including those potentially carrying malware – data access is granted immediately without prompting the user. Photos and encrypted chats, previously considered secure, could be vulnerable.
For optimal security, the setting should be configured to “Always Ask” or “Ask for New Accessories.”
To check and modify this setting, users should navigate to Settings > Privacy & Security > Wired Accessories and select either “Always Ask” or “Ask for New Accessories.”
However, some users are currently encountering a bug that prevents them from changing the setting, despite knowing the correct solution. Apple acknowledged the issue in September and stated that a fix is in development, but has not yet provided a timeline for its release. Users with older iPhone models utilizing the Lightning port are not affected, as this protective feature is not available on those devices.
As a precaution, while Apple works to resolve the bug, iPhone owners are advised to avoid using unfamiliar or untrusted charging cables or connecting to questionable devices. Even with robust security systems in place, an open setting like this necessitates user vigilance.
The discovery highlights the ongoing challenges of balancing security and user convenience in mobile operating systems. As smartphones become increasingly central to daily life, protecting personal data is paramount.
Apple’s new USB-C security feature, while intended to enhance protection, has a default setting that could inadvertently create a vulnerability for iPhone users. The issue centers around the “Allow Automatic Connection When Unlocked” default, which grants immediate data access upon connection when the device is unlocked.
According to reports surfacing after the September release of iOS 26, this setting bypasses the usual security prompts, potentially allowing malicious cables or devices to access sensitive information like photos and messages. Experts recommend changing the setting to “Always Ask” or “Ask for New Accessories” for a more secure configuration.
Currently, some users are reporting a bug preventing them from modifying the setting, a problem Apple has acknowledged and is working to resolve. The company has not yet announced a timeline for a fix. iPhone models with the older Lightning port are not affected by this issue.
Until a solution is deployed, iPhone 15, 16, and 17 users are advised to exercise caution when connecting to USB-C accessories, avoiding the use of unfamiliar or untrusted cables and devices. This proactive approach can help mitigate the risk posed by the current default setting.
