[supriyo-biswas]

I'd have to disagree -- the lack of OS-level sandboxing primitives such as seccomp-bpf and SELinux[1] means that exploits happen rather regularly in iOS rather often ([2], among others).

[1] https://source.android.com/docs/security/app-sandbox#protect...

[2] https://www.csoonline.com/article/3811322/iphone-users-targe...

[nullpoint420]

Does the Apple Sandbox[1] not count? What about TrustedBSD[2] and the MAC (Mandatory Access Control) subsystem introduced as part of SEDarwin[3]?

[1] https://www.ise.io/wp-content/uploads/2017/07/apple-sandbox....

[2] http://www.trustedbsd.org/mac.html

[3] http://www.trustedbsd.org/sedarwin.html

[saagarjha]

iOS has a perfectly good sandboxing model that is literally called "the sandbox". You will note that the impact of that bug is limited to the process it is triggered in for precisely this reason.

[ggm]

Not to deny that, but it didn't (for example) break the Secure Enclave. Key exfiltration didn't happen AFAIK.