ironwindow Would enabling the call/SMS toggle make it easier for an exploit to be found and used to gain access to incoming calls/texts?
Yes, but using the Block SMS and Calls toggle is just an extra line of defense and not full-proof
ironwindow So you mean apps can make calls/texts through the default SMS app without explicit permission?
I meant any type of messages by 'texts'
ironwindow I mean like an attached image that may have some embedded malware that activates once opened.
There was a group of software bugs called Stagefright, Its name is taken from the affected library, which among other things, is used to unpack MMS messages. Exploitation of the bug allows an attacker to perform arbitrary operations on the victim's device through remote code execution and privilege escalation. So disabling SMSes is also an extra line of defense.
Edit: In order to exploit the Stagefright one doesn't specifically need an MMS message (which was just an example of using the vulnr for RCE), but any other processing of the specifically crafted media by the vulnerable component is enough, that can be done via the most of applications having to deal with media files but not using own-bundled (which increases size of an app and imposes additional unjustified costs on its developer) pure software (which is slow and not energy efficient) media codecs for that, such as media players/galleries, web browsers (can cause drive-by compromise) and file managers showing thumbnails (can be used for achieving persistence).