by win32k 1139 days ago
Security is a lot more than just the OS. Modern iPhones have security chips that ensure the integrity of the main OS during boot and while running. A large part of Apple's security excellence comes from their hardware security integrated with their software/firmware.

And they make the entire mobile industry more secure by showing what can be done, allowing others to follow suit.

What makes you think there is excellence in security? Nearly every case involving Pegasus was on the iPhone.

I believe this affected ~1000 VIPs and caused the death of at least 1 person.

Either 0 VIPs use Android, or it is much harder to break into. (From my research, there weren't any 0-click exploits, you always had to manually download something and approve it outside the Play Store.)

I sort of agree with the sentiment behind what OP is saying here, but perhaps not the way he is saying it. I'm not sure if I'd call it "security" as much as "system integrity." The model that Apple has moved to with the signed and sealed system volume is pretty interesting. I didn't even realize how much had changed with macOS until I was hunting around to change the startup wallpaper on Monterey and realized that macOS today is totally different from the macOS I remembered administering many years ago.

UAC on a Mac has always been good, but now there is this new layer that even protects the system from the admin. I think the real risk with Apple's model is that there are these choke points now that, if compromised, can cause truly catastrophic failure—especially because of the false sense of security that's out there. If an Apple update server or signing certificate were compromised, it would be a potential company-ending event. Other ecosystems are much more fragmented, and there is some resilience baked into that. I remember a few years back when an OCSP server went down and internet-connected Macs around the world ground to a halt. You couldn't open any application because it took 10 minutes for the server that verifies its certificate to time out.

4 0days were just patched recently on Samsungs which targeted the baseband modem among a batch of 22. https://nakedsecurity.sophos.com/2023/03/17/dangerous-androi...

Every single case involving Pegasus was a targeted attack by a state actor. This is a very different scenario to defend against than what corporations or private persons normally worry about.