[kmfpl]

>“Just reboot your phone, and you're good to go”

Doesn’t really work like that. First of all, when would you reboot your phone? Once per day? Once per hour? Every five minutes? Regardless, these attacks are incredibly advanced, remember they require zero interaction from the user.

Even if you rebooted constantly and the exploit lacked a persistence vector, they would still be able to exploit you whenever they want. There are literally no good defense mechanisms against zero-click attacks. The only effective one being turning off your phone forever.

Something like these exploits takes 1-2 minutes maximum to achieve full data exfiltration. This means you’re not safe even if you reboot every five minutes.

So preventing persistence vectors is not really useful against these types of attacks. Persistence is more of a “comfort feature” for attackers, is not really something essential.

[drvdevd]

What about also removing your SIM card and disabling iMessage or otherwise firewalling all traffic to Apple?

[saagarjha]

Why not just keep the device off and stop using it? That would stop all attacks!

[kmfpl]

Normally bugs in these types of attacks target daemons that are always connected even if not logged onto iMessage or even if you disable iMessage. Or at least this was the case with previously known bugs.