[kemayo]

I think they're saying that if someone can completely hack your phone so as to have remote control of it, they can sign you up for an iCloud account and add CSAM to it.

This seems... implausibly convoluted. If you have full remote control of someone's phone, Apple or not, you could do all sorts of incriminating things "as them", and I don't think Apple's new system noticeably increases your risk from this.

[realce]

Like what? Buy illegal fireworks online?

It would take the flick of a switch for someone to ruin your life for a crime you could never explain yourself out of. Nobody will ever believe that you were framed because that means other convicted predators could also have been framed. As soon as your name hits an index-able news article, guilty or not, your life is over.

This is a blackmail machine.

[kemayo]

Well, the obvious option if you've subverted someone's phone so you can do whatever you want with it, and have access to illegal stuff, would be to store it on the phone and submit anonymous tips about the person to the police. Or upload it to random image-sharing websites, or Facebook, or email it to their coworkers with some "I found this on X's phone and thought you should know" note attached, or whatever.

I'm just saying that actually getting the attention of authorities is the most trivial part of this suggested attack. Apple's new stuff is a vector for that, sure, but anyone who is in a position to exploit it could easily do so in other ways as well.