iMessage has been one of the most successful delivery vector for these spyware attacks.
So, if you think you are a likely target of a state sponsored attack, best thing you can do on an Apple device is to turn on lockdown mode, turn off iCloud and iMessage, stop using keychain, use only a yubikey for all authentication, and restrict yourself to a limited number of essential apps on your primary device and use a dedicated burner device for all your throwaway browsing and communications, and erase/reset that device after every session. And still, assume everything you say and do online is fully compromised, because there are always system vulnerabilities that haven't been made known yet ('zero-day' attacks) and are being used to compromise highly targeted individuals. In the end, it is a very convoluted cat and mouse game.
So, if you think you are a likely target of a state sponsored attack, best thing you can do on an Apple device is to turn on lockdown mode, turn off iCloud and iMessage, stop using keychain, use only a yubikey for all authentication, and restrict yourself to a limited number of essential apps on your primary device and use a dedicated burner device for all your throwaway browsing and communications, and erase/reset that device after every session. And still, assume everything you say and do online is fully compromised, because there are always system vulnerabilities that haven't been made known yet ('zero-day' attacks) and are being used to compromise highly targeted individuals. In the end, it is a very convoluted cat and mouse game.