Three months after Apple released the patch for the exploit, the Project Zero team have released a fabulous detailed description of how it worked: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution.
The Project Zero team, who most certainly have seen it all, dryly observe:
Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen
This is an extraordinarily interesting article, well worth a read. (And note that it's only part of the overall explanation; the Project Zero team promise further details in the future.)