Google Project Zero head Tim Willis wrote that the four most serious of the eighteen vulnerabilities, all of which were reported in late 2022 and 2023, allow an attacker to remotely compromise a phone at the baseband level with no user interaction. Compromising a vulnerable device would only require an attacker to know a target’s phone number.
A hacker exploiting one of the vulnerabilities would gain total access to all the data moving to and from the device, including calls, texts, and cellular data. Willis writes that skilled attackers could quickly create an operational exploit to compromise affected devices silently and remotely.