[tptacek]

I don't think I reach the deeper questions here, and pretty much just get back to "if it was cheap, Apple would have killed it already"; in that set of circumstances there can't be viable public exploits (or broad workable bug classes to fish from) to work with.

Sucks if you're part of a public jailbreaking community, but, of course, good if you're a user.

[bri3d]

I agree with this. I also agree that there's no preferable situation. Apple have done a great job building mitigations and it shows in how difficult, expensive, and rare it is to fully exploit their platforms. I certainly wasn't intending to form a counter-argument that public exploits existing would be a positive signal, or that there's a preferable alternative situation.

My only point was that "anything public is dead is what you want to see" is not a particularly useful rubric in general. I get nervous when I see statements that suggest an absence of public exploit material or high "bid" price for grey market exploits as evidence that a platform is less vulnerable. My experience suggests this isn't really how the market works in general. There are way too many additional factors that affect both pricing and publication to use "public exploit availability" or "grey-market bid price" as a signal about a platform's security posture overall.

Anyway, reading back, I realize that you specifically weren't trying to draw that conclusion, but sibling comments are now - and it seems to be a really easy trap to fall into. See: every "security journalism" outlet every time a broker posts an Android bid that's higher than their standing iOS bid, or vendors and OEMs claiming their devices are secure because no public exploits exist.

[pona-a]

But it's still more of obfuscation. You're effectively reducing the pool of researchers to those most likely to turn to the dark market. There's an entire zero-day industry privately developing exploits, and the public sees none of it. Sure, low-resource attackers can probably forget about exploiting iOS, but stuff like Pegasus still happens regularly.

[tptacek]

Literally the alternative is more viable vulnerabilities. It's hard to understand a coherent argument that favors that over what we have now. We're in this situation because Apple has gotten good at killing whole bug classes. That's exactly what users want.