Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: CutePuppy
The unmatched hack – dubbed SideStepper and crafted by Israel-based Check Point hackers Ohad Bobrov and Avi Bashan – begins with a near-perfect phishing attack targeted at staff, and ends with complete compromise of fully updated iOS devices running version 9.2.

I see what you did there. . . you clipped the cited article before the money quote in the article:

"We found a way to do a man-in-the-middle attack on an iOS mobile device and replace an original command such as 'query device' with one to install a malicious enterprise certificate application," Bobrov says.

That means for this to work, they'd have to have stolen the involved company's Enterprise Certificate. That is why it won't work. Good try.

As for the rest of your post, Apple's Law Enforcement Guideline page available on its website outlines exactly what it can and cannot do for such devices. It states that it has never "unlocked" iOS devices, but has been able to retrieve un-encrypted data for law enforcement pursuant to legal search warrants on devices prior to devices which were fully encrypted to which Apple does not have the keys. The ACLU article included a survey of devices back to 2008 which included devices that did not have any encryption at all and were only protected by the passcode with no lock-out.

86 posted on 04/01/2016 9:27:48 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)
[ Post Reply | Private Reply | To 79 | View Replies ]


To: Swordmaker; ImJustAnotherOkie; DiogenesLamp; CodeToad; All

"Did what" exactly, leave the MITM mechanism specifics out of the excerpt? Was that so essential to be included for people to understand Apple's "feature, not a bug" attitude? Or does anybody claim that the hack is so "trivial" that anybody could do it? On the contrary, the point is that these issues are not trivial, which is exactly why FBI / LEOs went to court to get a legal warrant to ask Apple to open access to the phone, which they have done before (few times over many years) without the phony "privacy" hissy fits.

No, not exactly and necessarily "stolen," and getting them is not impossible, and because these are aimed at enterprises they are well worth the time to get / fake — and there have been successful MITM with fake or stolen CAs / EVCs in real life (e.g., search "fake certificates mitm attack" without quotes) — but it's a separate subject.

"Good try," really? I am sure some people appreciated the information which I didn't see posted before, and they don't try to attack the messenger, even if they don't like the message. "Don't shoot the messenger, for you may never again be warned of impending danger"

That's a nice fudge of real issues. As you well know, this request / warrant had nothing to do with encryption / decryption (which Apple kept putting emphasis on, to confuse the uninformed) — FBI didn't ask Apple to decrypt the contents of the disk, only to enable the access to the contents of the [encrypted] device bypassing the data destruction mechanism. That the previous devices that Apple helped legally unlock had older technology (duh!) that "included devices that did not have any encryption at all and were only protected by the passcode with no lock-out" doesn't tell us anything about the mechanism Apple used to unlock, nor do we have a need to know.

In other words, it may be 100% correct (especially with fudged language) but it's also 100% irrelevant.

Again, there was nothing about encryption or decryption. Here's what FBI did ask Apple to do in the legal warrant, and it was well within Apple's capabilities to comply, without jeopardizing anyone else's or any of their users' "privacy," any more than their previous [for the time] "state-of-the-art" security measures. U.S. Says It May Not Need Apple's Help to Unlock iPhone (What FBI wants from Apple) - FR, post #47, 2016 March 21

It's time to take the tinfoil off where it's not needed. If anyone's iPhone is lost or stolen, then the data is encrypted and if password / bio security are enabled and applied by user, then that phone is of no use to the casual thief or hacker, so iPhone users' privacy is already very well protected. It's not endangered by Apple cooperating with LEAs to unlock a terrorist's phone (especially if it were done quietly, just like they did before and will surely do in the future with the Chinese or some other governments).

A few dozen cases over a decade of federal and state law enforcement agencies obtaining legal court orders and asking Apple or Google to cooperate in unlocking the phones / devices should hardly warrant the hue and cry about "loss of privacy" to the government that Apple decided to generate by going "full Snowden" and obfuscating issues with the phony "backdoor" and "breaking encryption" pretenses.

Our devices are better protected than ever, if we exercise even a modicum of caution and common sense, and Apple and Google and Facebook know more about average citizen or non-citizen than the government. Time to take the tinfoil off where it's not needed.

96 posted on 04/01/2016 1:10:23 PM PDT by CutePuppy (If you don't ask the right questions you may not get the right answers)
[ Post Reply | Private Reply | To 86 | View Replies ]

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson