by olliej 984 days ago
iMessage is a "perpetual source of security concerns" because it is a remotely triggerable target. That's it.

If everyone is using message service X, then we'll start seeing more attacks on X.

The exploits we've seen over the last few years haven't been in iMessage the app, they've been in a host of different things. The most recent security brouhaha was apparently in the WebP library[1] that also affected Chrome, WebKit, Firefox, every Electron app, and I assume every app on Android, iOS, macOS, that uses system image decoders, etc. But if you want a specific target then you aren't going to use something like a random webpage or phishing email if you have something that you can guarantee will go to only one device that you know is exploitable, and you can guarantee how it will be handled - i.e. the built-in system messaging apps.

[1] and even here the attack didn't happen from iMessage

1 comments

I don't know if you're specifically referring to X, the artist formerly known as Twitter, but regardless, no; iMessage runs with unique privileges and capabilities that are not available to ordinary messaging services.
Like the other comment pointed out, I understood 'X' to mean a stand-in for iMessage. It didn't occur to me that we were referring to FKA Twitter.
X is a common variable/placeholder like A, N or foo. Nobody is using it to refer to x.com unless it is a thread about Musk/Twitter.
Sorry, I forgot the most recent Musk idiocy. X was a stand-in for any other functionally always-on and receiving service; messaging platforms are the primary example.

I'm actually now curious whether the various awful web notification standards allow images?

No, it doesn’t.