Project Zero Remote iPhone Exploitation

The Shape of Everything
A website mostly about Mac stuff, written by August "Gus" Mueller

Samuel Groß from Google's Project Zero has a great writeup on a remote iOS exploit (which is fixed in the latest updates from Apple). I'm linking to part 2 of this writeup, because there is a ton of interesting technical information about how the exploit worked, which includes Objective-C tagged pointers and memory leaks in NSKeyedUnarchiver.

Memory leaks in system frameworks have always bugged me (most recently: FB7482388), but it had never crossed my mind they could be security vulnerabilities. It makes sense now that I think about it.