The first vulnerability, known as IOSurface out-of-bounds write, enabled attackers to corrupt data, crash applications and devices, and remotely execute code. In the worst-case scenario, a malicious actor could install an app that allowed them to execute arbitrary code with kernel privileges on the endpoint.
The second vulnerability, dubbed WebKit use after free, allowed attackers to execute arbitrary code remotely and result in data corruption. Victims could be tricked into visiting a malicious website, which could lead to remote code execution.
