The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.
Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.
Hackers targeted Ghost on Sunday, in a cryptocurrency mining attack that caused widespread outages.
CVE-2020-2883 was patched in Oracle’s April 2020 Critical Patch Update – but proof of concept exploit code was published shortly after.
Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force.
The “PerSwaysion” attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.
Researchers say the bugs are easy to exploit and will likely be weaponized within a day.