https://www.bloomberg.com/news/newsletters/2022-10-13/-zero-click-spyware-emerges-as-a-menacing-mobile-threat

A journalist's iPhone silently received a command to open the Apple Music
app. Without the journalist's knowledge or interaction, the app connected
to a malicious server and downloaded spyware onto the phone that remained
there for 17 months, eavesdropping on phone calls and text messages.

The journalist was a victim of spyware manufactured by NSO Group known as
Pegasus. The hack was an example of a "zero-click" attack-a method of
placing spyware on a phone without tricking a user into doing anything.

NSO has utilized at least six different zero-click exploits that were used
to covertly hack Apple iOS versions. The zero-click attacks worked by
leveraging security vulnerabilities in Apple devices, in some cases sending
an iMessage that would force the phone to connect to a malicious website
without user engagement. But it's not only iMessage. Flaws were exploited
in Apple's iMessage, the Apple podcast and music apps, Apple photos and an
Apple Wi-Fi calling feature, the researchers found.

In stark contrast, researchers found no such flaws in the Android operating
system from Google although Facebook apps like WhatsApp did have the flaws.