"I see no reason why they couldn't have used zero-day linux exploits instead"
Selinux / apparmor, lxc (or similar), better aslr, daemons usually defaulting to separate users, many other things... There are many security layers so trivial to apply these days that it's really a failure not to. Sure - you can still find zero-days (or may be already sitting on a pile of them), but I get an impression that it's much harder to take over the whole system these days if anyone spent a couple of minutes just to tweak the defaults.
Selinux / apparmor, lxc (or similar), better aslr, daemons usually defaulting to separate users, many other things... There are many security layers so trivial to apply these days that it's really a failure not to. Sure - you can still find zero-days (or may be already sitting on a pile of them), but I get an impression that it's much harder to take over the whole system these days if anyone spent a couple of minutes just to tweak the defaults.