bigyabai 3 days ago

Yup. Pretty similar to the modern threat profile of Android, all things considered.

> your average Android device has multiple publicly known remote execution issues.

Help me distinguish between "publicly known" RCE vulns and private ones. Do the privately owned exploits like FORCEDENTRY count as "publicly known", or only the GrayKey/Cellebrite exploits used by governments?

lysace 3 days ago

Apple’s primary motivation is to sell hardware. Their brand is hurt if their direct customers suffer damages through malware.

Google’s primary motivation is to sell ads. Their brand is not hurt if phone brand FlirpleFoo ships millions of Android devices and then hurts those customers by not keeping those devices secure.

JumpCrisscross 3 days ago

> Pretty similar to the modern threat profile of Android, all things considered

I don’t think this is accurate. Not even every nation-state would be expected to have access to iPhone zero days, particularly with the new memory protection rolling out.

bigyabai 3 days ago

I don't think that's accurate, either. NSO Group sold their exploits to several other nation-states, seemingly without much (any...?) vetting concerning the ethics of their government.

JumpCrisscross 3 days ago

> seemingly without much (any...?) vetting concerning the ethics of their government

I’m not trusting in ethics. I’m trusting in commerce.

MIE should drastically reduce both the production rate and lifetime of zero days. That, in turn, means a focus on maximising profit per vulnerability versus process line.