I think they're at least trying! All the vulnerabilities mentioned can be found with static analysis, which Apple is doing before accepting an app into the store. I'm pretty sure if you pack one of these 0-days in your app, it will get rejected. So as for now, this is a theoretical exercise, unless proven that this code has actually been shipped to the store.