The bugs allowed attackers to read files off a device remotely by sending a message with certain characters to their victim.
These bugs also allowed attackers to corrupt memory and control applications on the victim's iPhone using the same method.
The vulnerabilities were all reported to Apple as part of Project Zero's 90-day disclosure policy, and Apple said it has since patched the bugs in its iOS 12.4 update.
iPhone users are advised to update to the latest version of iOS 12 to ensure they are protected from these exploits.