The vulnerability was apparently found in the IOMobileFrameBuffer kernel code, a component that helps userland applications (in other words, unprivileged software) to configure and use your device’s or computer’s display.
These include elevation of privilege (EoP), in which an otherwise uninteresting app gains the same level of power as the operating system itself, and remote code execution (RCE), in which an otherwise innocent operation, such as viewing a web page or opening an image, can trick the kernel into running completely untrusted code that did not originate with Apple.