In this video he discusses the TriangleDB attack chain that allowed hackers to completely compromise iPhones starting with a zero click exploit and ending with a bypass of Apples hardware based memory protection.
Read more about it from Kaspersky: https://securelist.com/triangledb-triangulation-implant/110050/
The distinction between an accidental bug, and the deliberate back door with plausible deniability is minuscule.
Unless you find the smoking gun document stating the reason for the code being written this way, there’s always going to be deniability, it’s always going to be pointed out as a bug.
But I think it’s immaterial, even if every back door starts off as a genuine bug, code is so large and complex that there’s going to be back doors to be harvested. And cataloged. And kept in reserve for advanced persistent threat actors