The iOS 18.5 update released by Apple today includesiPhonene 16eSecurity fixes for the C1 modem, the first Apple-designed modem. According to Apple’s guidance for iOS 18.5Security Support Documentation, a vulnerability in the C1 modem has been fixed.
Apple said the vulnerability fixes a baseband security vulnerability that could allow an attacker "in a privileged network position" to intercept network traffic. Simply put, a hacker with access to cellular network infrastructure could exploit this vulnerability for surveillance or man-in-the-middle attacks.
The C1's baseband is used for signal processing, so it encodes and decodes communication data between the device and the network, and handles calls, text messages, and data connections. Apple addressed the vulnerability with improved state management, which may mean new validation checks are needed to prevent attackers from exploiting vulnerabilities between running states.
Apple released the iPhone 16e earlier this year, and today's security update is noteworthy because it marks the first security flaw discovered and addressed in the C1 modem.
iOS 18.5 also includes several other security fixes, fixing vulnerabilities in image processing, call logging, Bluetooth, file parsing, FaceTime, Notes, ProRes, WebKit, and more. There are currently no known vulnerabilities being actively exploited, but it is recommended that you update immediately.