Not true. There are two chips in the phone AP (application processor) and BP (baseband processor). BP controls antenna and radio and runs RTOS (real time operation system). BP and AP share memory and BP can inject malicious code BEFORE AP loads OS.
BP can be controlled via fake cell tower installed close to the targetted phone.
Only secure custom phones costing $10K are not vulnerable to radio penetration.
EXCUSE ME. This has ZERO to do with the baseband processor and the Application processor . . . And in fact, the closely vulnerability I was referring to that was CLOSED last year is in the Mac. Try to keep up.
In ADDITION, what you are claiming has ZERO to do with the exploit that the CIA was using here. . . So you are doubly wrong. The CIA was intercepting the devices and manually installing the malware, not remotely via cellular signal.