A report from Citizen Lab about two zero iMessage vulnerabilities/exploit which require zero click, in spyware sold by the cyberweapons NSO Group. iMessage is the the default messaging app of Apple iPhone.
It appears these attacks do not require victim to do anything. They neither click on a link or open a file. The victim receives a text message, and then they are owned (hacked).
You can ready more on this here.