Apple left a known iTunes vulnerability unpatched for 3 years. It was used by governments against dissidents and to snoop on users.