
From <https://www.schneier.com/blog/archives/2020/05/ios_xml_bug.html>:
So Siguza's exploit -- which granted an app full access to the entire file system, and more -- uses malformed XML comments constructed in a way that one of iOS's XML parsers sees its declaration of entitlements one way, and another XML parser sees it another way. The XML parser used to check whether an application should be allowed to launch doesn't see the fishy entitlements because it thinks they're inside a comment. The XML parser used to determine whether an already running application has permission to do things that require entitlements sees the fishy entitlements and grants permission.

Further: Implementing 4 different parsers is just asking for trouble, and the "fix" is of the crappiest sort, bolting on more crap to check they're doing the right thing in this single case. None of this is encouraging. Conway’s Law comes to mind: “any piece of software reflects the organizational structure that produced it”. 3 different XML parsers sounds like 3 different groups working on those parts of the OS, while the addition of a fourth to block the hole suggests that nobody with any responsibility for security was able to get through to any of those groups to fix their parsing.
Participants (1): Lawrence D'Oliveiro
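As an added illustration (not code from the post, and not a model of Apple's actual parsers), two constructed comment scanners that differ only in where they resume looking for `-->`, a plist-shaped sample containing a malformed comment sequence on which they disagree about which entitlement keys exist, and the check a defender wants: run every parser that is in play and reject the file when their views differ. The sample keys and the `resume_offset` values are assumptions made for the demo.

```python
import re


def _strip_comments(xml: str, resume_offset: int) -> str:
    """Remove <!-- ... --> comments from xml.

    resume_offset is where the search for the closing '-->' begins, relative
    to the start of '<!--'. A correct scanner uses 4 (just past the opener).
    A scanner that resumes one byte early (3) lets the opener's last '-'
    overlap the closer, so it accepts '<!--->' as a complete comment but
    treats '<!-->' as an opener that runs on to the next '-->'.
    (A fully conforming parser would reject '--' inside a comment outright,
    which is the safest outcome of all.) Both variants are constructed here
    for illustration only.
    """
    out, i = [], 0
    while True:
        start = xml.find("<!--", i)
        if start < 0:
            out.append(xml[i:])
            return "".join(out)
        out.append(xml[i:start])
        end = xml.find("-->", start + resume_offset)
        if end < 0:
            return "".join(out)  # unterminated comment swallows the rest
        i = end + 3


def entitlement_keys(xml: str, resume_offset: int) -> list[str]:
    """Keys that survive comment stripping under the given scanner."""
    return re.findall(r"<key>([^<]+)</key>", _strip_comments(xml, resume_offset))


def parser_views(xml: str) -> dict[str, list[str]]:
    return {"strict": entitlement_keys(xml, 4), "sloppy": entitlement_keys(xml, 3)}


def parsers_agree(xml: str) -> bool:
    """Defender-side check: accept only if every parser sees the same keys."""
    views = list(parser_views(xml).values())
    return all(v == views[0] for v in views)


# Constructed sample shaped like an entitlements plist; the middle key sits
# inside a malformed comment sequence that the two scanners read differently.
SAMPLE = """<plist version="1.0"><dict>
<key>com.example.allowed</key><true/>
<!---><!-->
<key>com.example.hidden</key><true/>
<!-- -->
</dict></plist>"""

if __name__ == "__main__":
    for name, keys in parser_views(SAMPLE).items():
        print(f"{name:7s} sees {keys}")
    print("parsers agree:", parsers_agree(SAMPLE))
```

The strict scanner reports both keys while the sloppy one reports only `com.example.allowed`, so the agreement check fails and the file would be refused instead of being launch-checked by one view and granted entitlements by another.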