From comments around the case, the government operates like any other black hat.
Which is to say they absolutely have vulnerabilities that work against certain versions of iOS, but probably not others. And the NSA likely has more than a few zero days, simply because it's a far cheaper way for them to do their job than any alternatives.
Just like with any piece of software, there is no "secret vulnerability that works all the time forever": it's discover, exploit, patch, repeat.
(Which, incidentally, is also the argument against key escrow schemes. There, it would be: discover, exploit all devices that implement the key escrow code, wait until the government develops a new patch, wait until all device manufacturers incorporate the patch... repeat.)