In terms of prevention strategies, it seems that given that the initial vector was a malicious iMessage attachment, Lockdown Mode would have prevented this attack? (As it disables iMessage attachments).