[illusionofchaos]

Furthermore, no one stops you from developing an app and planting RCE vulnerability inside the binary. Then you can exploit it remotely when necessary and execute the code that exploits any iOS vulnerabilities known to you.

[0x0]

True but it is complicated by the fact that code signing is generally enforced for executable segments. (JIT compilation entitlements are generally not available to apps beyond Apple's own MobileSafari builds)