I stumbled over two or three of them in the last couple of years while debugging crash reports sent in by customers.
Seems that text rendering is hard. Maybe fuzzing CoreText would be a worthwhile target to discover vulnerabilities?
It is news, because there's a _completely passive_ way to crash a device, and crashes nearly always will allow for unauthorized code execution, given enough resources to work on the problem. You could launch a DOS attack on phones this way, and we all know that Cell Phones are how we're warned about emergencies, etc.
For what it's worth, Microsoft Edge, my default browser, had no problems with this page.