There was also this one for which I had involvement: http://www.falseconnect.com/ which while impacting nearly every major technology vendor was particularly bad for Apple. Pretty much anyone who'd been using a proxy service (which includes some VPN providers like TorGuard) for privacy with iOS or macOS opened themselves up to full compromise of the cryptographic channel. The thing is, Apple recognized it was a big problem and got it patched and that patch distributed to all impacted devices in under 45 days from the first report. A similar flaw I reported to Samsung a few years earlier is still not patched on every Android phone impacted because some carriers didn't push the patch.
