Just to be certain, though, which, if any, of your three "how-they-do-its" is vulnerable to an Apple Security Update?
I moved the reiteration of your question to tacit and the responses to it over to THE CYBER-SECURITY THREAD to avoid continuing the off-topic tangent here.
