If Pegasus can break the iOS security model, there’s no reason to think it politely respects Lockdown Mode. It’s basically an admission the model failed, with features turned off so users feel like they’re doing something about it.

▲

jkubicek 17 hours ago | parent [-]

Lockdown mode works by reducing the surface area of possible exploits. I don't think there's any failures here. Apple puts a lot of effort into resolving web-based exploits, but they can also prevent entire classes of exploits by just blocking you from opening any URL in iMessage. It's safer, but most users wouldn't accept that trade-off.

▲

varispeed 15 hours ago | parent [-]

Claiming reduced attack surface without showing which exploit classes are actually eliminated is faith, not security.

And Lockdown Mode is usually enabled _after_ user suspects targeting.

	▲	goalieca 14 hours ago \| parent [-]
		If you did RTFA for this story, you’ll see on page 67 what I pasted with a link to the support article describing to end users exactly what’s blocked. It does greatly reduce the attack surface.