Also the application that handles text message is itself sandboxed and limited to a fixed set of permissions (to be fair, that include messaging other humans, so an exploit would still be very bad, just not "remote root" bad).

That's the part that is still unclear with this BLASTPASS business. Surely iOS isn't running the messaging app as a device root, right? There's some other presumably-unpatched privilege elevation attack going on?

Yes. The ImageIO vulnerability just allows for an initial foothold.