This happened later than Snowden, but is an example of an unsettling revelation.

A bug has existed for many years in Apple devices, until a few years ago, when it has been discovered accidentally by some victims, which has forced Apple to fix it, after several CVEs where assigned to it and associated software bugs.

The bug consisted that some secret test registers, which allowed a complete bypass of all memory protection, were left accessible after production. Thus knowledgeable attackers could take control remotely of an iPhone, for many years, in a completely undetectable way, by sending an invisible message, which then exploited some bugs in Apple system libraries to gain privileged access to the secret test registers, which were then used for complete access to any hardware, including stored files, video camera and microphone.

This backdoor was discovered only because some victims became suspicious due to unexpectedly high Internet traffic originating from their iPhone, which was recorded by an external firewall.

This was discussed on HN after its discovery.

It is hard to believe that such a mistake like forgetting to disable the test registers after production could have happened and it also would have never been discovered for many years, without some Apple insider intentionally doing it.

Moreover, the unknown attackers who have exploited the backdoor for many years had complete knowledge about the secret test registers, which is likely to have been provided by an Apple insider, perhaps the same who has ensured that they remain accessible.

Hopefully, the backdoor has been created only by some lower-rank employee, and it was not created with the knowledge of the management, due to some request from a TLA. It is unknown whether the backdoor has been open in all Apple devices, or only in those sold in certain markets.

When the backdoor was discovered, it was used to spy on some Russians, so some US agency or one from Israel were among the possible exploiters of it (this was before the current war).