Of course there are bugs, but they are hugely expensive to find.

And Apple, as well as Microsoft, Intel, and other companies have already voluntarily agreed to give the NSA and other agencies "early notice" of a vulnerability which can be exploited by the time it's fixed anyway. CISA also pretty much mandated it into law as well.