Every vendor is going to tell you their platform is secure. It's a given. What worries me is the confidence of the Apple faithful that the statement is true. It's good to be cautious, but it seems that most of the Apple faithful are not, because they believe that all iThings are 100% secure.
If a vendor advises you to run some sort of malware protection then they are telling you to be cautious. So if you took a kicking and you didn't have any malware protection then the vendor could argue with some credibility that it was your own fault for not using protection. If you took a kicking and you did use malware protection then the vendor could argue that the malware protection provider was at fault. The Apple approach of telling all their users that there's no need for malware protection is surely flawed.
If somebody were to try to sue what would their defence be? They can't say you should have used protection, they are the ones who told you it wasn't necessary after all. And if you did have some sort of protection installed they couldn't blame the vendor of that app because they'd told you such an app was necessary.
The biggest protection against being pwned is not a secure platform. It isn't malware protection. It's caution and the actions and configurations that result from that.
But the scary thing about this vulnerability is that you don't need to open an attachment to get pwned. Any sensible person will have their messaging app to only accept messages from known contacts. That same sensible person will, through an abundance of caution, choose not to open attachments even from people they know unless they can verify the attachment is valid. But even with that reasonable level of caution you wouldn't have been protected in this case. Really what sort of developer thinks it safe to download and activate an attachment even if the end user hasn't told the app to do so?