Real bug, hypothetical exploit, of course.
I sincerely doubt the exploit was merely hypothetical, but I know for a fact that that's exactly the sort of thinking that leads to real exploits.
Who cares? It was real, not hypothetical.
"Pics or it didn't happen" is a cute saying that has no bearing on reality. Are you from that generation? Any security expert will tell you that an 18 month unpatched hole like the Apple one is, in fact, a huge deal.
Speaking of pics, it's my understanding that more of those surfaced recently from iCloud.
That's a bit disingenuous -- if you read more of the articles about the Apple bug, you will find insiders that claim, basically, that it was bound to happen, because of the culture inside Apple.
And a couple of months later, it happened again -- Apple patched 26 bugs, each of which could allow remote code execution, and half of those had been reported to them by google.
Look I don't care whether or not you believe that at some point enough anecdotes stacked end to end amount to data.
But I still think it's stupid to say Apple is incented to do a better job with your data. Google absolutely needs people to be able to trust the internet, and AFAICT, it is in their DNA to take this seriously and to work hard to try to find and report flaws in, e.g. Apple's browser, as well as in their own stuff, because if enough Apple users stop doing stuff online, yes, google will be hurting.
Apple absolutely needs this trust too, in order to have the market keep growing. But they weren't born an internet company, and although they are learning, IMHO, their security is nowhere near as mature as Google's.
My point is a bunch of anecdotes don't make an argument
Which is obviously why you keep focusing on the anecdotes and ignoring, e.g. the study I pointed to, which says, for the typical user using applications from the exact same well-known companies, more data gets leaked on Apple than on google.
Which says it's not just their security model. I would say that Apple is still learning about how to use data properly, Facebook and linkedin are focused on exactly how far they can go, and google has internalized some sort of compromise on data handling that nobody who uses Facebook should bat an eyelash at, and that even a lot of people who hate facebook can accept.