Comment by kmeisthax

That may have been possible and even easy on older hardware but modern Apple hardware makes this way more of a pain in the ass. They have a whole separate hypervisor (SPTM), kernel, and userland running in a higher set of guarded privilege levels from the standard ARM exception levels.

Compromising the camera dot on modern iOS requires compromising SPTM, which is equivalent to a full jailbreak. Most modern iOS spyware doesn't actually go as far as that, it just does enough exploitation to get the data they want.

None of this applies to macOS, which doesn't use SPTM, because the whole point of SPTM is to enforce iOS code signing and lockdown rules.