The original exploit was probably somewhat difficult to find, but the blog post gives a fair amount of detail on how one might go about exploiting this bug. That being said, I don't think the heap overflow is enough to actually get code execution; you'd probably need a leak due to ASLR as well (although on iOS ASLR isn't the best…). Your average script kiddie isn't going to pull this off, but the knowledge required is likely far from nation-state level.