The prior security hole was iOS devices ‘by default’ broadcasting their recent history of connected SSIDs to everybody nearby, for reasons unfathomable. Of course, this allows anybody nearby some degree of geolocating your home/work, not to mention MITM attacks – the best kind. And changing your SSID name doesn’t help. And there was yet another iPhone SIM exploit before that one (search Mobileconfig exploit).
Then there’s the multiple iOS passcode bypasses this year (search iOS7 lockscreen bypass). Or ‘randomly’ generated iOS hotspot passwords which can be cracked in less than a minute because of an insufficiently large word list (search iOS hotspot bypass).
There’s a clear trend here – a vulnerability is discovered by researchers, they inform the vendor (i.e. Apple) out of goodwill, the vendor does/does not acknowledge it and, when questioned, responds with a blanket: “It will probably be fixed in next release, don’t ask for an ETA”. In the meantime, distract people with colourful icons and adjectives. Closed source, minimal communication, lock-in complete. Profit.
Apple has a trend of valuing user experience and convenience above all. But for many, ignorance is bliss. Or maybe they have too much content locked deep in the ecosystem to easily migrate.