iMessage is sandboxed, and does attachment processing in yet another sandbox (the exploit is named BLASTpass as it circumvents this). These days iMessage itself is probably more tightly sandboxed than other apps.
It sounds like the exploit was triggered in another process by iMessage forwarding the post-parse attachment content to that process - the blog post says this is PassKit related, so I assume any app that has PassKit interaction could do this. iMessage is simply universally available, so why use a different medium?