TEST 1 (setting up and triggering the vulneability?)
TEST 2 (Some sort of deallocation of arr object? i ain't got any knowledge about javascript tbh)
TEST 3 (test if succesfully triggered?)
TEST 4 (acquiring an arbitary read/write primitive?)
TEST 5 (native code execution?)
TEST 6 (evading detection?)
PDF about the iOS 9 Pegasus exploit (CREDITS TO PSXHAX member vettegast for finding)
Github Link