Apple situation: More "mind how you go" than "lock up your daughters"
Reading the report, the headline Apple spyphone crack uses phishing, followed by an attack called Trident, which uses a sequence of three vulnerabilities to jailbreak the iPhone. Users who keep their iOS up-to-date (which does require hardware that is less than 3–4 years old) are not susceptible, since Apple has definitely fixed two of the vulnerabilities, CVE-2016-4657 and CVE-2016-4655. The documentation for the third, CVE-2016-4556, does not mention Apple at all. It's possible that its ID is incorrect: Nokia made a typo in one of the other two.
Of the remaining Apple vulnerabilities mentioned, AceDeceiver exploits an untrusted network and is defeated by two-step authentication; apps created with the booby-trapped xCodeGhost developer tools have been purged from the app store, and Apple is supposed to have made it quicker for Chinese developers to download the official xCode package (developers were reportedly downloading xCodeGhost because it arrived faster); KeyRaider affects only jailbroken iPhones; and Yispector, which affected only non-App Store apps, was blocked 18 months ago.
Of course, there are always more exploits coming down the pike, but a need for paranoia is not indicated at the moment.