Indeed, for three years or so Apple's privacy policy has specifically had this in it-
"Security and Fraud Prevention. To protect individuals, employees, and Apple and for loss prevention and to prevent fraud, including to protect individuals, employees, and Apple for the benefit of all our users, and prescreening or scanning uploaded content for potentially illegal content, including child sexual exploitation material."
"Security and Fraud Prevention. To protect individuals, employees, and Apple and for loss prevention and to prevent fraud, including to protect individuals, employees, and Apple for the benefit of all our users, and prescreening or scanning uploaded content for potentially illegal content, including child sexual exploitation material."
https://www.apple.com/legal/privacy/en-ww/
Under "Apple's Use of Personal Data". They had that in there since at least 2019.
Add that an Apple executive told congress two years ago that Apple scans iCloud data for CSAM.