In TFA, it says that they injected the exploit via stingray or cellular network compromise. I'm pretty sure that better isolation of the browser and other apps from the cellular network would have prevented that.
But yes, he would have been vulnerable to malicious sites exploiting browser bugs, as one always is. I mitigate that by compartmentalizing activities in multiple machines and VMs. For example, the host that this VM is running on contains absolutely no information about my meatspace identity.
But yes, he would have been vulnerable to malicious sites exploiting browser bugs, as one always is. I mitigate that by compartmentalizing activities in multiple machines and VMs. For example, the host that this VM is running on contains absolutely no information about my meatspace identity.