Re: We don't need...
You'd be better off with no patches. If these guys are the only ones who have found these holes, or at least the only non state level actor who has, producing patches will only make it easy for bad guys the world over to find the holes by looking at what was fixed.
This is security through obscurity. You don't know who else have found the bugs. Or will do, now they know where to look for them.
You are also writing off "state actors" as if they are somehow harmless or inevitable. These can certainly to get access to some people's phones with some effort, but they don't actually have infinite resources or a magic wand, so there is a massive benefit in making it as hard as possible for them.