They say at the top that the exploit can install Pegasus, so probably some or all of Pegasus's functionality. That doesn't really narrow it down, but it likely can constantly run in the background, use the sensors, read texts, and send info over the internet at least.
