Yes, poor design from Apple. However, if your account had a long random passphrase and not something from your life[1],
would it then not have been possible to compromise, right?
I mean, if users had followed best practices it wouldn't have been possible [2]
---
[1] which could be known more easily than if you are a celebrity
[2] Not trying to defend Apple here or absolve them of responsibility, but trying to differentiate a product hack (design choice and social engineering) from a pure technical compromise like an RCE or speculative execution, which is developer purview and more interesting.