iOS 18.5 Brings First Security Update for Apple’s C1 Modem

Apple released iOS 18.5 on Monday, and the update includes the first security fix for Apple’s C1 modem, used in the iPhone 16e. The C1 is Apple’s first internally designed and manufactured modem chip.

Apple’s security support document for iOS 18.5 notes there is a fix for a baseband security vulnerability with the C1 modem. The security note states that the fix addresses a baseband security flaw that could put attackers “in a privileged network position” to intercept network traffic. A hacker with access to cellular network infrastructure could exploit the vulnerability to monitor users or launch a man-in-the-middle attack.

Baseband

Available for: iPhone 16e

Impact: An attacker in a privileged network position may be able to intercept network traffic

Description: This issue was addressed through improved state management.

The C1 modem’s baseband is utilized for signal processing, encoding, and decoding data to facilitate communication between devices and networks. It also processes texts, calls, and data connections; Apple plugged the security hole with improved state management, possibly including new validation checks, which will prevent bad actors from exploiting any weaknesses between operational states.

The C1 is Apple’s first custom modem chip, which debuted in the iPhone 16e. The internally designed and manufactured modem chips mark Apple’s first step forward in reducing its reliance on external suppliers, such as Qualcomm, which currently manufactures the modem chips used in the iPhone 16 and iPhone 16 Pro models.

Apple says the C1 modem is its most power-efficient cellular chip to date. However, this first-generation chip also only supports sub-6GHz 5G networks.

Bloomberg‘s Mark Gurman and supply chain analyst Ming-Chi Kuo have both stated that the iPhone 17 Air will utilize the C1 modem used by the iPhone 16e, suggesting it will also lack mmWave 5G technology. However, the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max are expected to continue using Qualcomm’s 5G modem chips, meaning they will still have access to mmWave — at least in models sold in the US; Apple has yet to release an mmWave-capable 5G iPhone internationally.

The differences between mmWave and sub-6GHz 5G are notable. While mmWave 5G frequencies deliver ultra-fast speeds, they can only do so over relatively short distances. This makes the technology an ideal solution for dense urban areas and venues like airports and stadiums, as a single transceiver can also handle a greater number of devices. While sub-6GHz 5G is generally slower than mmWave, the signals travel a greater distance, making it an attractive solution for less densely-populated suburban and rural areas.

Gurman says Apple is working on a second-generation 5G modem chip, and that modem will include mmWave support in its feature set. He expects to see the second-generation chip to be used in the 2026 iPhone 18 lineup, with a third-generation modem chip to debut in 2027.

Apple has a modem supply agreement with Qualcomm that runs through 2026, so hopefully Apple will have time to work the bugs out of its in-house modem technology.

iOS 18.5 also includes several other security fixes for vulnerabilities, including flaws with ProRes, file parsing, FaceTime, Notes, image processing, call history, Bluetooth, WebKit, and much more. None of the fixed security vulnerabilities are known to have been actively exploited; however, it’s always a good idea to update as soon as possible to protect against potential attacks — especially now that Apple has published a list of them for every hacker to see.