Mobile carriers send OMA CP (Open Mobile Alliance Client Provisioning) messages containing APN settings, and other device configurations that your phone need to set up a connection to the gateway between your carrier’s mobile network and the public Internet services. These messages can also include configurations to change the following settings on the phone over-the-air (OTA): MMS message server, proxy address, browser homepage and bookmarks, mail server, directory servers for synchronizing contacts and calendar, and more.
Source: https://thehackernews.com/2019/09/just-sms-could-let-remote-attackers.html