Did you cover this yet?
Apple iCloud bug let ANYONE read your private iPhone notes and was kept a secret, security expert claims
https://www.thesun.co.uk/tech/8313049/iphone-icloud-breach-bug/
No, I didnt cover it. Its FAKE NEWS. Firstly, Apple always reports such vulnerabilities and exploits in the CVE registry of known cybersecurity vulnerabilities, and their current statuses. They are required to do so by Federal law and "keeping it secret" is a violation of that law. This one is not listed at all and would have been. Secondly, Apple does not expose user phone numbers with AppleIDs ever. . . and in fact one can have multiple phone numbers under a single AppleID. Thirdly, a mere phone number change would never access an AppleIDs data. Fourthly, also under Federal law, any company aware of a data breech is required to notify users of the fact said data breech occurred and what type of data may have been exposed. The first anyone hears about this is from an obscure Turkish hacker claiming in a post to a hacker site that Apples iCloud may have been breached. . . And they publish an article in which that claim is not even in the lede paragraph but is buried four paragraphs down in the article headlined: "iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret" which says:
"It turns out that Apple also possibly suffered a privacy breach late last year due to a bug in its platform that might have exposed some of your iCloud data to other users, but the company chose to keep the incident secret... maybe because it was not worth to disclose, or perhaps much more complicated."
". . .possibly. . .", ". . . might have. . .", and ". . .maybe. . ." are not referring to factual certainties.
Not a single digital security lab ever duplicated the Turkish "hackers" claims.
This report therefore does not pass the smell test! In fact, it stinks to high heaven.