If there is an iMessage bridge that would be considered a zero-day exploit. There is no official or un-office API for iMessage outside the Apple ecosystem and this is part of security measures by Apple to ensure privacy.
Not sure how it would be a zero-day exploit.. you're allowed to run whatever code you want on your Mac, and if you bypass the sandbox by giving Full Disk Access or whatever other permissions this uses, it follows that it will be able to read your iMessage database.
As for the iPhone bridge, that does use a jailbreak which is, of course, an exploit--one that Apple has patched and the patch deliberately not applied to the device in question.
I find this interesting as it raises so many questions:
Do they just give away free iPhones, or reset it for each user and have them mail it back? What if it gets lost / damaged during shipping? How do they cover the costs of this?
I may be wrong on the physically mailing you the iPhone. It could be that they ask for your Apple login and just log you in to a jailbroken iPhone on their premise.
Well, no. iMessage protocol was reverse engineered, but they patched it and make really hard to do crypto part of it. Hard enough that people stopped trying - after all you still required an existing registration from Apple's device and there was no guarantee it stops working again.
What they do is run ichat2json every time there is a new message in a folder and AppleScript to send outgoing messages. It requires a macOS with already authenticated Messages.app.
It's not using any unofficial APIs, it's just a wrapper around iMessage client on a mac.
