Less than 24 hours ago, the top story on HN was a tranche of iOS 0-days released by a whitehat who got frustrated by Apple's mismanagement of its bug bounty program. So it's open season on that afib data right now...
It does not follow that 0 days mean every piece of information in apple’s control will be stolen. Historically apple 0 days have been used to target high level targets, usually journalists, and not appropriate (or usable) for removing all data from all iPhones.
Something Apple should fix, sure. But not something that I’m going to delete all my Apple Health data for.
> It does not follow that 0 days mean every piece of information in apple’s control will be stolen
You're correct in general, but not in this specific instance. If you followed the said thread, you'd have encountered the disbelief that Apple stores health data unencrypted on the iPhone, despite FIPS certification for the watch. Every 0-day, as it stands today, can result in access to health data, until Apple adopts defense in depth.
How would you know if it was? It was more likely sold by whoever collected it. The very existence of this pool of data is a risk, and just because the sky didn't fall today, do you stop wearing a seatbelt?
Sometimes the sky does not actually fall.