1-click code execution vulnerabilities in popular software apps