They don't know. They weren't able to actually find the exploit code, so they don't know how it worked or what level of access it achieved. Or whether there even was an exploit at all.
That said, if there was an exploit, I'd be surprised if it didn't escape the iOS sandbox. As an exploit category, iOS sandbox escapes are medium difficulty. Not as easy as WebKit exploits, or privilege escalation on some other operating systems (...such as macOS), but still plentiful. Or from a buyer's perspective, more expensive, but readily available. MBS doesn't exactly have issues with expense.
By the way, image/video parsing vulnerabilities are somewhat rare themselves, at least in stacks that only handle a small number of formats (not something like ffmpeg or VLC with a bazillion file format parsers that nobody's looked at in decades).
And here is a massive writeup, also from last year, analyzing the privilege escalation parts of no fewer than five different exploit chains, which were found bundled together in a real attack, each targeting a different range of iOS versions. Not five exploits, five chains. It’s a great read:
“A very deep dive into iOS Exploit chains found in the wild”
That said, if there was an exploit, I'd be surprised if it didn't escape the iOS sandbox. As an exploit category, iOS sandbox escapes are medium difficulty. Not as easy as WebKit exploits, or privilege escalation on some other operating systems (...such as macOS), but still plentiful. Or from a buyer's perspective, more expensive, but readily available. MBS doesn't exactly have issues with expense.
By the way, image/video parsing vulnerabilities are somewhat rare themselves, at least in stacks that only handle a small number of formats (not something like ffmpeg or VLC with a bazillion file format parsers that nobody's looked at in decades).