[tyrfing]

It's Apple, see the Reuters report from 2019: https://www.reuters.com/investigates/special-report/usa-spyi...

Here's KARMA: https://citizenlab.ca/2016/08/million-dollar-dissident-iphon...

Looking at CVEs, my guess for KARMA 2 is CVE-2017-8248, patched in 10.3.3. Bit of a stretch, though. Looks like whatever was patched was never really publicized.

https://nvd.nist.gov/vuln/detail/CVE-2017-8248