ZecOps responded to Apple's claim (as noted at the end of the article):Ars Technica just posted an article about Apple disputing that the iPhone Mail bug found by ZecOps provides an exploit:
Ars Technica said:That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says
ZecOps said that based on the data collected on iPhones it believes were exploited, company researchers were able to write a proof-of-concept exploit that took full control of fully updated devices. ZecOps has declined to publish the exploit or other data until Apple releases a fix for the bug. Apple has already released the patch for a beta version of the upcoming 13.4.5, and as Thursday night’s statement said, the company plans make it generally available soon.ZecOps said:According to ZecOps data, there were triggers in-the-wild for this vulnerability on a few organizations. We want to thank Apple for working on a patch, and we’re looking forward to updating our devices once it’s available. ZecOps will release more information and POCs [proofs of concepts] once a patch is available.