'Karma': A hack used by the UAE to break into iPho...

[cyphunk]

Taking the sources of the article on their word...

They said the tools use faded in late 2017 due to apple patches and that compromise required only sending a text message. Examining CVE's up until late 2017 may give more of an idea of how this tool worked. Judging from a cursory review, there are many remote code exploits so it would be hard to narrow down. But this is what I chose to look at when considering CVE's between Jun 2017 and Dec 2017 that could effect iMessage. Many of these are classified as Denial of Service bugs but often those can be extended to code execution with extensive research.

IOKit https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

IOMobileFrameBuffer https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

CFString https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

CoreText https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

CoreText https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

Fonts? https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

ImageIO https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

Messages https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

SQLite https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-20...

Kernel: too many to count

These were compiled by reviewing the apple security mailing list https://lists.apple.com/archives/security-announce/2017