Seriously who at apple thought it would be a good idea to have their default and only allowed messenger app literally open the attachments on behalf of the user without any interaction required? Who needs to throw a USB drive over the fence when Apple will just go plug it in for you anyways?
That's not quite accurate. As the summary and article notes, the text contained a link. Simple URL, not an attachment. It was taking advantage of flaws in the link-preview functionality to achieve a remote exploit, basically breaking out of the WebKit browser sandbox. Android has suffered from such flaws as well--indeed, a lot of apps in general (Discord, Slack, etc.) have had link-preview exploits. So, iOS Messages was not executing just any random "attachment" or binary sent via text. Apple's not quite THAT dumb.
Nonetheless, there IS stupidity to be pointed out, since such flaws can be easily mitigated simply by turning off link previews (I personally loathe link previews in any application and disable them wherever possible). Sure, it doesn't fix the underlying bug, and if the user actually visits the link, they can still be exploited. But at least when link previews are turned off, the exploit is not automatic, and requires user interaction. You know, don't click on links from unknown senders, that sort of thing.
So how do you turn off link previews in iOS? You don't, not anymore. You used to be able to, of course. iOS had that option for YEARS, but for some idiotic reason Apple decided to remove it in 2022 (may've been late 2021). Yes, that recently. After numerous link-preview exploits in iOS and Android and all sorts of apps, Apple thought it somehow a good idea to remove the (again, already existing) option to turn this functionality off.
There is still one way left, the new "Lockdown Mode", but that turns off a whole host of things a user might otherwise want. Why Apple stripped the simple preview on/off option out when iOS had had it for so long, is a goddamn mystery.
I'm not saying in-line media previews are a placeholder for future integrated advertising or "engagement", but, well...
In the past 5 years whenever a piece of technology changes in a seemingly dumb way - or changes at all, really - "follow the money" comes down to "How will this create a new user interaction layer or change an existing operating-expectation to habituate users to looking at or clicking on [thing], and how might [thing] be monetized with sponsored content or behavioral-data slurping in the future?"
For example, all the changes I've seen from Windows 10 to Windows 11 are designed with the clear prime directive of getting users used to looking at certain places and not others, in order to build inescapable content-delivery into the OS itself. It used to be just web browsers, but now apps are "content" as well, to be promoted or deprecated by the UI in accordance with the current SaaS strategy and quarterly revenue goals.
In soviet Amerika, interface use you!