by bri3d 1023 days ago
One CVE is in Wallet and Citizen Lab mention PassKit. My guess is that BlastDoor deserializes the PassKit payload successfully, then sends it to PassKit which subsequently decodes a malicious image outside of BlastDoor.

Yup. You can just have your crafted WebP (this is the patch for the ImageIO bug: https://chromium.googlesource.com/webm/libwebp/+/902bc919033...) image with the .png extension (inside your PassKit - https://developer.apple.com/library/archive/documentation/Us...) and you send it to your target.
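
Added example, not part of either comment above: a defender-side check that flags image entries in a pass bundle whose magic bytes disagree with their file extension, the mismatch the reply describes (WebP content named `.png`). It assumes the bundle is a ZIP archive, as `.pkpass` files are; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Extensions we expect to hold images, mapped to the type they claim to be.
EXT_TO_TYPE = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg",
               ".gif": "gif", ".webp": "webp"}

def sniff_image_type(head: bytes) -> str:
    """Identify an image container from its leading magic bytes."""
    if head.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if len(head) >= 12 and head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "webp"
    if head.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if head[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"

def find_mismatched_images(archive_bytes: bytes) -> list:
    """Return (name, declared_type, actual_type) for each image entry whose
    content does not match what its extension claims."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            dot = info.filename.rfind(".")
            ext = info.filename[dot:].lower() if dot != -1 else ""
            declared = EXT_TO_TYPE.get(ext)
            if declared is None:
                continue  # not an image by extension; out of scope here
            with zf.open(info) as fh:
                actual = sniff_image_type(fh.read(16))
            if actual != declared:
                findings.append((info.filename, declared, actual))
    return findings

def build_sample_pass() -> bytes:
    """Constructed sample bundle: header bytes only, no real image data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pass.json", b"{}")
        zf.writestr("icon.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        zf.writestr("logo.png", b"RIFF\x10\x00\x00\x00WEBPVP8L" + b"\x00" * 8)
    return buf.getvalue()

if __name__ == "__main__":
    for name, declared, actual in find_mismatched_images(build_sample_pass()):
        print(f"{name}: extension says {declared}, content is {actual}")
```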