Then they'll exploit the webview followed by the sandbox. [1]

As of iOS 14, incoming messages are parsed in a tight sandbox [2]. It'll be interesting to hear how this attack got around that.

[1] https://en.wikipedia.org/wiki/JailbreakMe

[2] https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...