> is it fair to say this kind of backdated security patch implies a lot about the severity of the vulnerability?

That is my assumption, that the result is a pretty severe impact and/or the victim has little to no way to prevent it (zero click situation).

Granted I can't speak for Apple, but I was thinking along the same lines you were.