Just to re-iterate on this further: the iPhone's 0-click exploit broke the ARM processor's authentication mechanism for pointers, thus allowing the malware to perform arbitrary signatures of arbitrary pointers, thus breaking their authentication & integrity guarantees http