Wide-ranging Apple security update addresses over 30 vulnerabilities | CyberScoop<\/title> <meta name=\"description\" content=\"Apple released security updates for iOS, iPadOS, and macOS, addressing over 30 vulnerabilities\u2014including the first C1 modem patch.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/apple-security-update-c1-modem-privacy-fixes-may-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Wide-ranging Apple security update addresses over 30 vulnerabilities\"> <meta property=\"og:description\" content=\"Apple released security updates for iOS, iPadOS, and macOS, addressing over 30 vulnerabilities\u2014including the first C1 modem patch.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/apple-security-update-c1-modem-privacy-fixes-may-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-13T15:15:51+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-13T15:15:54+00:00\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1746476661g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84481\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84481\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fapple-security-update-c1-modem-privacy-fixes-may-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fapple-security-update-c1-modem-privacy-fixes-may-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84481 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/apple-security-update-c1-modem-privacy-fixes-may-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.839756592292\">\n<div class=\"single-article__header-content\" readability=\"32.806267806268\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/apple-security-update-c1-modem-privacy-fixes-may-2025\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Apple said there is no indication of active exploitation for the listed vulnerabilities. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84481\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg 5472w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> An Apple logo is reflected on glass at the Apple Store at Orchard Road on September 24, 2021 in Singapore. (Photo by Feline Lim\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.677455357143\"><body readability=\"67.252263906856\"><\/p>\n<p>Apple rolled out a series of substantial security updates Monday for its major software platforms, with advisories covering iOS, iPadOS, and two versions of macOS lines, addressing more than 30 vulnerabilities in total. <\/p>\n<p>Among the numerous fixes, iOS 18.5 and iPadOS 18.5 introduce the first security update for Apple\u2019s in-house C1 modem, featured in the newly released iPhone 16e. The patch addresses a baseband vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-31214\">CVE-2025-31214<\/a>) that, according to the company, could have allowed an attacker \u201cin a privileged network position\u201d to intercept network traffic. While the specific details remain undisclosed, the risk highlights concerns about how devices communicate on the hardware level, since baseband processors control things like data transmission, call processing, and other network functions.<\/p>\n<p>The company also patched some privacy-focused vulnerabilities in macOS Sequoia, its operating system for desktop and laptop computers. The updates cover components such as Apple Intelligence, Core Bluetooth, Finder, the Transparency, Consent, and Control (TCC) framework, and additional core system features. Each issue potentially allowed applications \u2014 sometimes sandboxed or otherwise restricted \u2014 to access sensitive personal data, ranging from identity and authentication information to usage logs and private communications.<\/p>\n<p>StoreKit, Notification Center, and Core Bluetooth were also patched after researchers reported privacy issues that could expose user data through logs, improperly managed application states, or permissions lapses. As with other updates, Apple did not indicate that any of these flaws were exploited prior to patching.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Critical vulnerabilities across all platforms reveal recurring categories of vulnerabilities: out-of-bounds reads, memory corruption, double-free errors, and logic errors that break down core security controls. Multiple vulnerabilities affected shared codebases or cross-platform components, including AppleJPEG, CoreMedia, and WebKit, which are all used in iOS, iPadOS, and macOS. <\/p>\n<p>Some other vulnerabilities addressed include:<\/p>\n<ul class=\"wp-block-list\">\n<li>Attackers with physical access potentially retrieving deleted content or data from Apple Notes, even if a device is locked.<\/li>\n<li>Malicious applications gaining elevated privileges, escaping sandboxes, or bypassing privacy controls.<\/li>\n<li>Weaknesses in open-source libraries (e.g., libexpat, OpenSSH) bundled with Apple software, several of which could lead to arbitrary code execution or data leaks.<\/li>\n<li>Flaws in the WebKit web engine allowing denial-of-service, information leaks, or memory corruption when parsing web content \u2014 a recurring category for Apple browser security.<\/li>\n<\/ul>\n<p>While Apple said there is no indication of active exploitation for these vulnerabilities, the breadth and variety of the issues underscore the complexity of maintaining security in platforms as popular and interconnected as the company\u2019s ecosystem. Researchers noted that eight different macOS Sequoia components separately had flaws with privacy impact.<\/p>\n<p>Further details are available <a href=\"https:\/\/support.apple.com\/en-us\/100100\">on Apple\u2019s website<\/a>. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.5\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/apple-security-update-c1-modem-privacy-fixes-may-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wide-ranging Apple security update addresses over 30 vulnerabilities | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,288],"tags":[86,294],"class_list":["post-7632","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-threats","tag-cybersecurity","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7632"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7632\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7632,"date":"2025-05-13T10:15:51","date_gmt":"2025-05-13T15:15:51","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84481"},"modified":"2025-05-13T10:15:51","modified_gmt":"2025-05-13T15:15:51","slug":"wide-ranging-apple-security-update-addresses-over-30-vulnerabilities","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/13\/wide-ranging-apple-security-update-addresses-over-30-vulnerabilities\/","title":{"rendered":"Wide-ranging Apple security update addresses over 30 vulnerabilities"},"content":{"rendered":"