Project Zero released details of a sustained (multi-year) and regularly updated iOS exploit suite.

I could barely follow a sentence of the iOS exploit chain articles but the last post demonstrating the capability of the implant is terrifying.

Even though the implant wouldn’t survive a reboot, by then the attacker (and anyone who happened to be listening to the unencrypted network traffic the malware sent back) already has your entire keychain.

As the author points out, this is a failed (detected/patched) exploit… it’s possible there are others still out there.