[vayup]

In theory, it is a 1/15 chance of successful attack. Which is a terribly low success rate of attack prevention.

In practice, it is 15/16 chance of detection of the exploit attempt. Which is an extraordinarily high rate of detection, which will lead to a fix by Apple.

Net net, huge win. But I agree they come across as overstating the prevention aspect.

[saagarjha]

1/16 is a miserable rate for commercial spyware; it would be very difficult to sell this kind of product for a remote 0- or 1-click attack.

[pizlonator]

It’s miserable today because you’d be competing with others selling deterministic attacks.

But what if the only thing available to purchase is 1/16 or 1/256? Then maybe it’s not so miserable

[saagarjha]

I trust that people will find a way to make deterministic attacks, I just think they will charge through the nose for it.