I do not have an answer to your question, but in my mind the targeted attack is more concerning than a random drive-by that hits everyone. That means just one instance is too many.
As another example: In the earlier days of iOS, you could root it just by visiting a website. Who knows how many fell pray and have malicious code running on their devices today? With a targeted attack, you don't even get the benefit of security researchers all scouring over the code like you would with something more widespread, thus there really is no way to even keep track of what might be out there.
As another example: In the earlier days of iOS, you could root it just by visiting a website. Who knows how many fell pray and have malicious code running on their devices today? With a targeted attack, you don't even get the benefit of security researchers all scouring over the code like you would with something more widespread, thus there really is no way to even keep track of what might be out there.