That was not broken. What was broken was origin validation in Safari. There is a difference between a vulnerability in the OS permissions system (which this was not) to control mic/camera permissions and a vulnerability in an application that has already has OS camera permissions.
If you do not give an application permission to access the camera, then vulnerabilities in those applications do not lead to camera access.
(Unfortunately though, Safari is not controlled through this permission system, probably because it was provided through the OS. Permissions can be controlled for other browsers. IMO this should be fixed by Apple.)
I understand the extent of the security problem there, and as you say it was Safari-specific. But it goes to show that there might be consequences beyond the obvious when you do grant an application access to the camera/mic.
If you do not give an application permission to access the camera, then vulnerabilities in those applications do not lead to camera access.
(Unfortunately though, Safari is not controlled through this permission system, probably because it was provided through the OS. Permissions can be controlled for other browsers. IMO this should be fixed by Apple.)