Recall that Windows a while ago had a bug in the JPEG process where a specifically malformed JPG file could cause the PC to begin executing the embedded code.
Presumably, this is what Pegasus was doing - send a text via iMessage which included a picture or some other file, and before the iMessage system finished processing (and so registered a text had been received) it had invoked the processor for that file type which failed and caused the code to execute. Presumably (IANA iphone expert) as, say, iPhone detects an incoming JPG or PNG or HEIC or video or whatever, it will invoke some part of the iOS that will at least add the content to a library, so it is recognized as not a string of text.
Some item I heard about Pegasus suggested there were several exploits they knew about, and the process was to try some of these and see if the exploit worked. Any patch simply reduced the number of options to try. Also, the code executed has been updated - suggesting to avoid detection, the newer version resides only in volatile RAM and would disappear (and need to be re-sent) if the phone were powered down.