Agreed, but that's true of any system where you regularly install updates without checking and compiling them one by one, and that covers most computers nowadays.
Let's say I have infinite resources and I want to target your Debian server; it's sufficient to bribe one Debian maintainer of a default package and you're basically doomed. Until they get to the point of reproducible builds and embed something in apt to make sure the build is correct, you still need to trust the whole Debian community.
Any time you run an operating system released by a vendor, you're basically trusting the vendor. It doesn't strictly have to be like that for FLOSS systems, but it is like that right now.
So your comment is indeed correct, but doesn't specifically highlight a defect in iOS.