iOS 18.5 contains more than 30 different security fixes.
-xl-xl-xl.jpg)
Apple’s iOS 18.5 and iPadOS 18.5 updates fix more than 30 operating system vulnerabilities, including the first documented for the C1 modem. Here’s what you need to know, and why you should consider updating right away.
On Monday, after a series of developer betas and a release candidate build, Apple finally launched iOS 18.5 to the general public. Though the update contains quality-of-life improvements for the Mail and Settings apps, along with a new Pride Harmony wallpaper, the software also patches multiple vulnerabilities.
While previous iOS updates, such as iOS 18.3 and iOS 18.4.1, patched actively exploited vulnerabilities, this is not the case with iOS 18.5. Still, Monday’s software update addresses core security issues related to different aspects of the iPhone operating system.
Many of the changes introduced were implemented to prevent bad actors from accessing users’ private information, such as notes and phone call recordings.
The iOS 18.5 fixes that keep your data safe
With the iOS 18.5 update, Apple fixed two vulnerabilities that were present in the built-in Notes app. One of the now-patched security flaws allowed attackers with physical device access to view notes from the Lock Screen, while the other made it possible to access deleted call recordings.
Apple’s iOS 18.5 update contains two security patched for the built-in Notes app.
The two security issues are not known to have been actively exploited, and they were resolved through improved checks and authentication.
iOS 18.5 also fixes two call-related vulnerabilities. Specifically, Apple addressed a privacy issue that caused the call history from deleted apps to appear in Spotlight search results. FaceTime received a fix that affects the mute app’s functionality, which didn’t always silence audio when it was supposed to. The FaceTime issue was resolved through improved state management.
In addition to the FaceTime and Notes fixes, the iOS 18.5 update contains a change that improves the security of the Bluetooth functionality. The security fix in Monday’s software update prevents applications from using Bluetooth to access sensitive user data. Apple accomplished this by implementing improved state management.
Apple also addressed a Core Graphics vulnerability that exposed sensitive user data. An out-of-bounds issue was resolved through improved bounds checks. More importantly, however, the iOS 18.5 update contains a fix for iCloud Document Sharing. Specifically, Apple addressed a security issue that allowed attackers to enable iCloud sharing for specific folders without prior authentication.
Alongside these security patches, there’s a unique fix related to the relatively new iPhone 16e, announced in February 2025. The iPhone 16e contains Apple’s first-ever in-house modem, known as the C1, which is not found in other Apple devices.
The update to the C1 in iOS 18.5 prevents attackers in a privileged network position, meaning an attacker somewhere inside your wireless carrier, from accessing network traffic.
iOS 18.5 security patches prevent denial-of-service attacks
With iOS 18.5, Apple introduced two security fixes that prevent denial-of-service attacks. FaceTime received a user interface improvement that prevents the use of malicious web content for a DOS attack. An arguably similar fix for ImageIO was also implemented, as it prevents attackers from using maliciously crafted images to facilitate DOS attacks.
The iOS 18.5 update contains fixes that prevent denial-of-service attacks.
The iOS 18.5 update also addressed two kernel-related issues, which would have allowed for unexpected app termination, system termination, and kernel memory corruption. The two issues were resolved through improved memory handling and better memory management.
“Multiple issues in libexpat, including unexpected app termination or arbitrary code execution,” were resolved as well. There’s also a fix for the built-in Mail app, which prevents user interface spoofing. The Mail-related injection issue was resolved through improved input validation.
Two now-patched Pro Res issues allowed attackers and apps to cause unexpected system termination. Apple addressed these with improved checks and changes to input sanitization.
WebKit fixes in iOS 18.5
The iOS 18.5 update contains multiple security patches for WebKit, three of which prevent memory corruption. Apple addressed these WebKit-related issues through improved checks, memory handling, and memory validation.
iOS 18.5 features multiple WebKit fixes.
The iPhone maker also patched three WebKit issues that caused unexpected Safari crashes and process crashes on versions older than iOS 18.5.
Apple has made it so that processing malicious web content will no longer cause such crashes, and the company did so by implementing improved checks, memory handling, and state handling. In total, iOS 18.5 features eight different WebKit-related fixes, each with their respective CVE designation.
Other security fixes in the iOS 18.5 update
Overall, the iOS 18.5 update contains more than 30 different security fixes and patches a wide variety of vulnerabilities. The full list of security updates and fixes for iOS 18.5 can be seen on Apple’s website.
Alongside the patched vulnerabilities already mentioned here, Apple resolved issues with various operating system components, such as AppleJPEG, CoreAudio, CoreMedia, mDNSResponder, and more.
It’s important to always keep your operating system up-to-date. Apple’s latest security fixes ensure that bad actors have a much more difficult time obtaining your private user data, with the iOS 18.5 update being no exception.
