How would a real world exploit happen? Download and run malware?

It affects M1s which have been around for at least 3 years! I’m genuinely curious how long this has been known about. Can you imagine what this exploit would be worth to criminals/ spy agencies?