What makes this different from a typical attack on encryption is that this company (probably) knowingly distributed to and worked with criminal enterprises.
But this article is written in a way that suggests that encryption is dangerous - an angle that the CBC has taken before - which makes sense considering that it is a government-owned news outlet in a Five Eyes member state.
I’m concerned about what the OS is doing in accordance with its privacy policy or terms of service. Without having read them (I am only human) I assume the photos in the default location are sent off for analysis to “improve your experience by showing you relevant advertising”. I would be surprised if this above-board surveillance went as far as crawling the filesystem
I think MacOS stopped you from executing unsigned code pretending to be a pdf, which would be a very good thing.