Yoroi-Cybaze Experts: An attacker can execute arbitrary code on the target device by taking control of it without authentication. In addition, there is currently no patch.
US Agency: Threat actors continue to exploit CVE-2019-11510. They may be able to gain access to all active users and their plain-text credentials, and also execute arbitrary commands.
Nine of them were “Critical”, the others “Important” or “Moderate”. The first could allow an attacker to take control of an affected system, thanks to RCS. UPDATE the systems now!