TechCrunch has a great summary of the in depth security research done by Google. In it TechCrunch summarizes the attack as follows, “The five separate attack chains allowed an attacker to gain “root” access to the device”.
Google said based off their analysis, the vulnerabilities were used to steal a user’s photos and messages as well as track their location in near-real time. The “implant” could also access the user’s on-device bank of saved passwords.
TechCrunch
cybersqueeze 