They're referring to a previously mentioned exploit:
> Late last year we published a writeup of the initial remote code execution stage of FORCEDENTRY, the zero-click iMessage exploit attributed by Citizen Lab to NSO.
The sandbox escape only uses logic bugs:
> In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs.
> Late last year we published a writeup of the initial remote code execution stage of FORCEDENTRY, the zero-click iMessage exploit attributed by Citizen Lab to NSO.
The sandbox escape only uses logic bugs:
> In this post we'll take a look at that sandbox escape. It's notable for using only logic bugs.