NSO zero-click
2021-12-16 18:39:27.131981+01 by Dan Lyke 0 comments
Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution. The short version: an iMessage attachment that was supposed to be a .gif file wasn't just saved to disk, it was parsed, and the image library handed it off to a general-purpose image parser that will happily treat the "gif" as a PDF. Inside that PDF was a specially crafted JBIG2 stream. The JBIG2 decoder's running count of symbols overflowed, so it sized a heap buffer from the wrapped-around value and then wrote far more into it than it had allocated, giving the attacker writes past the end of that buffer. From there they used the JBIG2 image-compositing operations (AND, OR, XOR, XNOR) to build a small logic-gate virtual machine inside the decoder itself, and ran the rest of the exploit logic on that.
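As an added illustration of the integer-overflow pattern at the heart of it (my own constructed example, not code from the Project Zero post and not Apple's JBIG2 decoder; the struct, function names and counts are invented for the demo): a decoder sums attacker-controlled per-segment symbol counts in 32-bit arithmetic, allocates from the wrapped sum, then fills the buffer from the unwrapped counts. The hardened version refuses any count that would push the total past a sane limit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed illustration only: names, layout and counts are invented for
 * this example. This is not Apple's CoreGraphics/JBIG2 code.
 */

/* Minimal stand-in for a referenced JBIG2 symbol dictionary segment. */
typedef struct {
    uint32_t num_exported;   /* symbols this dictionary exports (attacker-controlled) */
} symbol_dict_t;

/* Constructed malicious input: two referenced dictionaries whose counts sum to
   0x100000010, which wraps to 0x10 in 32-bit arithmetic. */
static const symbol_dict_t EVIL_REFS[2]   = { { 0xFFFFFFF0u }, { 0x20u } };
/* Constructed benign input for comparison. */
static const symbol_dict_t BENIGN_REFS[2] = { { 100u }, { 200u } };

/* Vulnerable pattern: unchecked 32-bit running sum that silently wraps. */
uint32_t total_symbols_naive(const symbol_dict_t *refs, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += refs[i].num_exported;   /* may wrap modulo 2^32 */
    return total;
}

/*
 * Hardened version: reject any count that would push the sum past `limit`,
 * a sane upper bound for symbol tables kept well below UINT32_MAX so that a
 * later total * sizeof(pointer) cannot overflow either. Returns false on overflow.
 */
bool total_symbols_checked(const symbol_dict_t *refs, size_t n,
                           uint32_t limit, uint32_t *out) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (refs[i].num_exported > limit - total)
            return false;                /* would exceed limit, so cannot wrap */
        total += refs[i].num_exported;
    }
    *out = total;
    return true;
}

/*
 * Simulates what the vulnerable decoder would do after allocating
 * total_symbols_naive() entries: walk every referenced dictionary and write
 * each of its exported symbols. Returns how many entries would land past the
 * end of the allocation (0 for benign input). Writes are counted, not performed.
 */
uint64_t overflowed_entries(const symbol_dict_t *refs, size_t n) {
    uint32_t allocated = total_symbols_naive(refs, n);
    uint64_t written = 0;
    for (size_t i = 0; i < n; i++)
        written += refs[i].num_exported;  /* true count, in 64 bits */
    return written > allocated ? written - allocated : 0;
}

int main(void) {
    uint32_t total = 0;
    printf("naive total (evil)     = %u\n", total_symbols_naive(EVIL_REFS, 2));
    printf("entries past buffer    = %llu\n",
           (unsigned long long)overflowed_entries(EVIL_REFS, 2));
    printf("checked (evil) ok?     = %d\n",
           total_symbols_checked(EVIL_REFS, 2, 1u << 20, &total));
    if (total_symbols_checked(BENIGN_REFS, 2, 1u << 20, &total))
        printf("checked (benign) total = %u\n", total);
    return 0;
}
```

With the evil input the naive sum comes out as 16, so the decoder would allocate room for 16 entries and then try to write 4,294,967,312 of them; the checked version rejects the first dictionary outright.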
Really crafty, interesting stuff.
Edit: the MeFi thread