Apple has issued a warning about a ream of code-execution vulnerabilities, some of which are remotely exploitable. The most severe of the flaws could allow for arbitrary code execution with kernel or root privileges. A fix for the flaw that makes iPhones easy prey for Pegasus spyware is still to come: Still to come. The vulnerabilities are in WebKit, the engine that powers Apple s Safari browser, four of which could be exploited. The flaws are rated medium-risk for small business or government entities, while the risk to home users is considered low.
Source: https://threatpost.com/apple-iphone-pegasus-zero-day/168040/