There is speculation that this could well be the security hole which the NSA exploited to insert the DROPOUTJEEP software implant, probably using automatic updates via SSL. DROPOUTJEEP, whose existence was revealed by Edward Snowden, targets the Apple iPhone (but could conceivably be used on all other iOS devices) and allows the NSA to "remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection.All communications with the implant will be covert and encrypted.”
Apple, of course, denies that the NSA can access or are accessing iOS devices as Snowden's leaked documents claim. Still, there is no denying that such a bug is a major flaw, and allows iOS and Mac OS to be exploited by malicious persons.
You might have mail.