The most serious vulnerabilities would allow an attacker to execute code on the device with root privileges. Several others allow execution of code with kernel or system privileges. These vulnerabilities require the ability to execute code on the device, but that could be accomplished with one of the many remote code execution vulnerabilities also disclosed. Many of these are in the Webkit browser engine, meaning that such an attack could be launched if the user visited a malicious web page.