
Am I the only one who feels like every time we get news of a government compromising an iPhone through some mystical exploit, the technology around it seems very fanciful?


What's so fanciful about it? We know that remote exploits exist. We know that cellphones have very complex baseband processors which used to have arbitrary memory access, and while they've reportedly been locked down, it's not like there hasn't been an arms race finding ways around every other security measure. We don't need any technological breakthroughs to posit that past remote exploits were not the only ones possible.

This is the problem with things like this or the Bloomberg server story: the capabilities are plausible, but there's not enough information to know whether or not they're actually true, so you're in the position of having to guess about whether someone actually could implement that attack and whether they'd choose to spend that much money.


Like an exploit where all you need to do is enter the target's phone number to compromise their phone?


TFA says they need to send the target a text message.

The exploit must be something like a buffer overflow in iMessage. We know bugs like this have been fixed. Remember the text of death which could crash any iPhone from a couple of years ago?


Are you thinking of the "Stagefright" bug that did RCE via SMS on Android devices? Or maybe the Chinese censorship code that crashed iOS when people sent the Taiwanese flag emoji? 🇹🇼


Don't forget the Stagefright-like bug in iOS where a malformed TIFF file could lead to remote code execution!


"Bugs like this have been fixed" != "all bugs like this have been fixed". That is, some similar bugs having been fixed does not make such an exploit impossible.


Wasn't that in May? Time flies.


I think more that they manage to find these exploits and rapidly build infrastructure around it to make it useful.


They don't need to be very fast... the NSA is known to sit on vulnerabilities for years.


Bear in mind that, at one time, iOS devices could be jailbroken [to run arbitrary code] by simply opening a specifically-created PDF; https://www.wired.com/2011/07/jailbreakme-3-0-unlock-your-ip...


Not just arbitrary code, but arbitrary code with kernel privileges!


Yes. It's likely that the reporters don't understand the technology involved, so their reporting on that topic is pretty vague. Humans tend to look where there's light, even if they know that's not the most likely place to find it. That said, we have the words exploit, iMessage, full access, email/phone number. We can piece together that they use a 'buffer overrun' style exploit to break out of iMessage, and possibly several other exploits, till they have remote code execution on the device, and then they install a bot/server to collect data. Really difficult in practice, but a familiar pattern. IIRC there's a Wired article recently that reviews similar tech from another company; the author of that article says he set his phone down in their office, and minutes later they had access to all his data.


It's a corollary of Clarke's law. When technology is described by someone too stupid to understand it (like nearly all journalists), the explanation makes it sound like magic, because that's how the writer sees it.


I don't think there's anything fanciful in having a request with well-crafted data cause remote code execution. I might be missing something though.
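The two comments above describe the same bug class in the abstract: a message parser that trusts a length field from the wire and copies that many bytes into a fixed buffer. The following is an added illustration, not code from the thread or from any real messaging client; the wire format, the 16-byte buffer and the sample inputs are all constructed here. It puts the unchecked parser beside the checked one so the missing bounds check is visible, and the hardened version rejects both a declared length that exceeds the buffer and one that exceeds the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (illustration only, not any real protocol):
 *   byte 0     : declared payload length N
 *   bytes 1..N : payload
 */
#define PAYLOAD_MAX 16

struct message {
    uint8_t len;
    char payload[PAYLOAD_MAX];
};

/* Vulnerable pattern: the length byte comes from the sender and is used
 * as the memcpy size without comparing it to the destination capacity.
 * A declared length above PAYLOAD_MAX writes past the end of 'payload',
 * which is the "buffer overrun" bug class the thread is talking about. */
int parse_message_unchecked(const uint8_t *wire, size_t wire_len,
                            struct message *out)
{
    if (wire_len < 1)
        return -1;                 /* nothing to parse */
    out->len = wire[0];
    memcpy(out->payload, wire + 1, out->len);   /* no bound on out->len */
    return 0;
}

/* Hardened pattern: every length read from the wire is validated against
 * both the destination buffer and the number of bytes actually received
 * before any copy happens. Return codes distinguish the failure reasons
 * so a caller can log or count them. */
int parse_message_checked(const uint8_t *wire, size_t wire_len,
                          struct message *out)
{
    if (wire_len < 1)
        return -1;                 /* nothing to parse */
    uint8_t n = wire[0];
    if (n > PAYLOAD_MAX)
        return -2;                 /* declared length exceeds the buffer */
    if ((size_t)n > wire_len - 1)
        return -3;                 /* declared length exceeds received bytes */
    out->len = n;
    memcpy(out->payload, wire + 1, n);
    return 0;
}

/* Constructed sample inputs, wrapped in functions so the results can be
 * checked without relying on printed output. */
int demo_benign(void)
{
    const uint8_t wire[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    struct message m;
    return parse_message_checked(wire, sizeof wire, &m);
}

int demo_oversize(void)
{
    /* Claims a 200-byte payload; the unchecked parser would copy 200 bytes
     * into a 16-byte buffer. The checked parser refuses it. */
    const uint8_t wire[] = { 200, 'A', 'A', 'A', 'A' };
    struct message m;
    return parse_message_checked(wire, sizeof wire, &m);
}

int demo_truncated(void)
{
    /* Declared length fits the buffer but exceeds what was received,
     * so an unchecked copy would read past the end of the input. */
    const uint8_t wire[] = { 10, 'a', 'b', 'c' };
    struct message m;
    return parse_message_checked(wire, sizeof wire, &m);
}

int main(void)
{
    printf("benign    -> %d\n", demo_benign());     /* 0  */
    printf("oversize  -> %d\n", demo_oversize());   /* -2 */
    printf("truncated -> %d\n", demo_truncated());  /* -3 */
    return 0;
}
```

The point of keeping both parsers side by side is that the diff between them is two comparisons; the cost of the fix is trivial, which is why "bugs like this have been fixed" says nothing about whether every instance of the pattern in a large code base has been found.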

