Well, given that the exploit has been around for three years, April isn't actually that impressive. I would be more likely to guess that NSA has paid for this 0-day several times trying to prevent it from being released. I don't think that's even a very tinfoil hat scenario. The tinfoil hat scenario is that this exploit was added and ignored at the request of the NSA.

The ability to remotely tap and track almost a billion people with just their phone number? That sure makes metadata valuable...