[walterbell]

In that case, would the list of iOS 10.3 security fixes mention at least one sandbox escape or kernel vulnerability? Since it does not, can we assume that most (all?) of the listed "arbitrary code executions" would be isolated by the iOS application sandbox?

Or should we assume that competent attackers are hoarding sandbox escapes and thus most app vulnerabilities can be escalated to device compromise?

[tptacek]

No, you can't make any such assumptions from the text of the update. But you can probably assume there's localhost sandbox escape (or kernel RCE) available to serious attackers.

[caf]

The list does include several kernel vulnerabilities anyway so the question is moot.