Google Project Zero researcher Ian Beer has explained an iOS 13 exploit that lets someone take control of a device over WiFi using a “zero-click” attack. Normally, security exploits require at least some kind of interaction on your part.
The exploit took advantage of a buffer overflow bug in a driver for Apple's in-house mesh networking protocol, which is used by features like AirDrop. As the driver sits in the operating system’s kernel, which has extensive privileges, a successful hack could have done extensive damage. The stealthiness was the greater concern. A perpetrator could have swiped personal data while leaving you completely oblivious, at least as long as they had a hiding place reasonably close by.
Apple fixed the flaw in iOS 13.3.1, before iOS 13.5 arrived with COVID-19 contact tracing. This could easily have been a serious problem in apartments and other places where it’s difficult to stay out of WiFi range of others.