"Indeed, as much as I and others have criticized Apple for its obsession with controlling the end-user experience from software to silicon, this same approach may actually make its systems more secure than more open approaches."
Well, security through obscurity doesn't work. But, by traditional definition iPhones are not even a smart phone (a smart phone allows you to install your own software, as opposed to iPhone that only permits software via an app store). And, if you say "installing from an app store counts", then almost every phone Verizon's sold the last 10 years is a smartphone, including Motorola Razr and a whole raft of generic flip phones. However, this restriction in app source does reduce the available sources of insecure code.
"What rubbish. It is the NT based OSs that are designed with 'security baked in' and UNIX that has to bolt on things like proper access ACLs and SEL to provide full security. Windows passed things like FIPS certification almost out of the box whereas Linux required massive changes to be made."
Not rubbish at all. The NT kernel had ACLs all along, but they were not used properly for about a decade (out of the box). One specific version of NT4, services turned off, no network connected, on a specific Compaq server, met a mid-level FIPS -- FIPS requires the EXACT software, hardware, and configuration or the FIPS cert is invalid. This was not a practical setup (an NT4 server with no network connection?), it was just put together since certain gov't contracts required the mid-level FIPS certification. That Linux version with "massive changes"? That had a *higher* FIPS certification than that NT4 version could achieve; to achieve the mid-level FIPS rating that NT4 got, more or less for Linux you just have to turn off unnecessary services then spend loads of money to have someone certify it (then, technically, never patch it since the FIPS cert is only as-shipped). Highest FIPS levels are not really useful for a general purpose system; they do not even permit the system to tell you things like the amount of RAM available, CPU load, or free disk space, because these numbers could be modulated by an app as a rogue communications channel.
Realistically, UNIX is as secure as it is now because UNIX had its "Microsoft moment" (viruses severe enough to disrupt entire networks) in the late 1980s. So they made sure to *use* ACLs, privilege separation, and such and make sure the shipped default is secure then; Microsoft didn't have their big virus problems until 10 years later, and got to a much later start shaping up the rest of Windows to take advantage of the NT kernel's security. UNIX did tend to encourage following reasonable programming practices more than Windows of old, though; I'm sure Microsoft has had a bugger of a time increasing security without breaking each and every 1990s-era Windows app that people are still using.
"This is largely why Linux servers are a much larger security risk than Windows ones: http://www.zone-h.org/news/id/4737"
This post has nothing to do with the rest of what you are talking about; ok, so some random kernel bugs were exploited. No amount of ACLs and such will help if you're smashing the kernel stack or getting your code to run in kernel mode or what have you.