don't worry, they set the allow_pegasus boolean to false

Apple did create a boolean for that. They call it lockdown mode.

> Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature. When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.

▲

varispeed 17 hours ago | parent [-]

If Pegasus can break the iOS security model, there’s no reason to think it politely respects Lockdown Mode. It’s basically an admission the model failed, with features turned off so users feel like they’re doing something about it.

▲

jkubicek 17 hours ago | parent [-]

Lockdown mode works by reducing the surface area of possible exploits. I don't think there's any failures here. Apple puts a lot of effort into resolving web-based exploits, but they can also prevent entire classes of exploits by just blocking you from opening any URL in iMessage. It's safer, but most users wouldn't accept that trade-off.

▲

varispeed 15 hours ago | parent [-]

Claiming reduced attack surface without showing which exploit classes are actually eliminated is faith, not security.

And Lockdown Mode is usually enabled _after_ user suspects targeting.

	▲	goalieca 14 hours ago \| parent [-]
		If you did RTFA for this story, you’ll see on page 67 what I pasted with a link to the support article describing to end users exactly what’s blocked. It does greatly reduce the attack surface.