Apple have a service which attempts to do this, BlastDoor. The issue here is feature surface area unrelated to GSM. My guess from the CVEs is that this exploit revolves around sending a valid Wallet/PassKit item attachment which has a malicious image. The payload is safely _deserialized_ by BlastDoor itself, but is then passed off to the PassKit framework which happily detonates it.
IMO Apple should make a middle ground Lockdown mode - something that still allows attachments (which Lockdown mode doesn't, making it difficult for many users to employ), but forces them to be 1-click. This is something I would use personally and would at least protect me from getting 0-clicked by attacks like this; I'd never click a Wallet item from an unknown sender, but I also can't live with the restrictions in Lockdown mode.
It pisses me off man. If someone sends you a link on iOS, you can't copy it without doing a long press that loads all the spyware on the website in a preview window
IMO Apple should make a middle ground Lockdown mode - something that still allows attachments (which Lockdown mode doesn't, making it difficult for many users to employ), but forces them to be 1-click. This is something I would use personally and would at least protect me from getting 0-clicked by attacks like this; I'd never click a Wallet item from an unknown sender, but I also can't live with the restrictions in Lockdown mode.