by random5634 1884 days ago
The remote RCE issues Apple has had are critical vulnerabilities. Saudi Arabia doesn't like you, they exploit remotely (maybe not even knowing who you are at all yet) to get your data / your contact lists and social graph etc - and you could be impacted or others could be impacted as a result in a major way.

This exploit requires that they already know who you are and where you live and where you go get coffee. They have to send a physical attacker to stalk your coffee shop. They have to have this equipment to run the impersonation exercise - and then wait until you are picking up coffee and airdropping something.

And after all this they get your email and phone number? So they know all these details about you but can't be bothered to use true people search or ANY of the data brokers or any of the giant data leaks to look this up?

Apple is selling a CONSUMER device. If your threat model is this elaborate, stick your phone in a Faraday cage and leave it at home. Someone could just grab it out of your hand at the coffee shop and be likely to get a lot more data.

So yes, it's a risk - but on the scale of risks including just being straight mugged and your phone stolen, it seems somewhat lower?