That's a bit misleading. There are code word programs and classified investigations where just revealing the existence of the info would be a serious violation.
In this case, if a cleared employee is asked: is this information true, is there such an investigation? Then simply by saying they can't comment on the question, they reveal the info to be true.
I think most people with high-level clearances would play it safe in such situations and just deny any knowledge of the situation.
I can't comment is exactly what they can and do say very frequently. Apple could have not commented on any investigation or not responded to a request for comment. This would have been completely normal. "That's not something I can talk about" is a very common phrase.
Absolutely correct, but extraordinary claims require proof. I'm certainly willing to be proven wrong, and of course I could be, but there is no indication that this is anything other than Bloomberg being misled at this point. Location of clearly exploited hardware, acknowledgement by anyone involved, or analysis of traffic from one of these boards would all corroborate the story.
In this case, if a cleared employee is asked: is this information true, is there such an investigation? Then simply by saying they can't comment on the question, they reveal the info to be true.
I think most people with high-level clearances would play it safe in such situations and just deny any knowledge of the situation.