According to the Epstein files, he had a "personal hacker" working for him.

@briankrebs ol’ Vinny could only profit like that because of closed source and Apple’s refusal to acknowledge vulns, especially ones they arrogantly assume they already fixed, like the webp shituation last year. I got lip from a colleague for sticking up for a guy who posted about that on Reddit after Apple ignored him for three months. Zero click RCE reports need to be taken seriously and Apple needs to get its head out of its ass.