Back when Chrome was based on WebKit, IIRC Chrome team found and fixed oodles and oodles of bugs in WebKit, because WebKit wasn't even using fuzzing, or not enough fuzzing. Even as late as 2017, fuzzing was still finding significantly more security issues in Safari than other browsers: https://www.securityweek.com/fuzzing-reveals-over-30-web-bro...
Also, when discussing iCloud, you need to distinguish between the backend service, and the frontend service. There have been significant CVEs found in the front-end client. Apple doesn't run many front end Web services, so there's less to exploit. They also don't allow you to host executable code like AWS, Azure, and GCP, so the attack surface is much more confined.
That Google has exposed their infrastructure to the unforgiving nature of the Web for 2 decades, with exploits few and far between, is a testament to the quality of the security engineers.
The most secure device on the planet, isn't iOS, it's Chromebooks. Look at the defense-in-depth used on Chromebooks to isolate execution: https://www.youtube.com/watch?v=pRlh8LX4kQI
Also, when discussing iCloud, you need to distinguish between the backend service, and the frontend service. There have been significant CVEs found in the front-end client. Apple doesn't run many front end Web services, so there's less to exploit. They also don't allow you to host executable code like AWS, Azure, and GCP, so the attack surface is much more confined.
That Google has exposed their infrastructure to the unforgiving nature of the Web for 2 decades, with exploits few and far between, is a testament to the quality of the security engineers.
The most secure device on the planet, isn't iOS, it's Chromebooks. Look at the defense-in-depth used on Chromebooks to isolate execution: https://www.youtube.com/watch?v=pRlh8LX4kQI