On Mon, 16 Jun 2025 12:34:54 -0000 (UTC), Chris wrote :
These are facts, Chris, not assertions:
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>
<https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends>
No. Those are URLs.
C'mon Chris. That's what Apple trolls do.
They constantly claim facts are just a jumble of alphanumeric characters.
To Apple trolls, this link isn't a document of facts. It's just a URL.
<
https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html>
That's an absurd position to take, Chris.
By your reasoning, facts can't exist on the Internet.
Because a URL pointing to the raw facts is just a jumble of characters.
Which is an astoundingly absurd position you are taking.
Now... having said that, I do get your point which is that it's raw data.
Sure. It's raw data.
But it's good raw data.
One resolves to an incomplete for many reasons catalogue. The other to a
blog post of an analysis by an expert group.
Chris - you claim to have earned a PhD for God's sake.
You never heard of a bibliography?
Try this 2021 bibliography entry:
<
https://citizenlab.ca/publications/>
"Citizen Lab's body of work is the gold standard for identifying
and dissecting state-sponsored zero-day exploits, especially
against iOS (though they find Android ones too). Their reports
are meticulously researched, detailed, and often involve reverse
engineering of actual zero-day exploits. They reveal how many
specific, critical zero-days were found and exploited on iOS
devices (e.g., their "FORCEDENTRY" or "PEGASUS" reports often
involved chains of multiple zero-days)."
There is a *lot* of raw data and analysis in those links, right?
That's what this thread is asking other people for help in finding.
I simply want more raw data, and/or better analysis of that raw data.
We'd have to compile their findings to get a sense of numbers over time,
but the quality of their data is top-tier. For example, their recent (June
12, 2025) "Graphite Caught" report confirms another zero-click iOS 0-day.
If any of us had better data, then that's what we'd be discussing.
Your problem is that you're over interpreting the data, calling it "facts"
and then getting emotional when someone disagrees.
Now that's a *different* thing altogether.
As long as you don't flatly brazenly deny facts can exist, I'm OK with it.
If I dumb down the analysis to the lowest level, it agrees completely with
Paul's commentary that there is MORE DATA than just the raw data.
Sure. Raw data isn't an analysis.
Raw data is raw data.
For example, these reports are simply raw data.
<
https://www.cisa.gov/known-exploited-vulnerabilities-catalog>
<
https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends>
Two people could read that raw data, and come up with completely different
assessments of the threat level - just as two people could look at what's
happening in the Middle East this week and come up with two assessments.
But the raw data is what is incontrovertible, Chris.
Remember, Apple locked you into the barbed-wired walled prison garden "for
your safety" so you sure as hell should be seeing fewer 0-day bugs, right?
And yet - you don't.
In fact, you have more 0-days than Android over time.
And about the same as Android recently.
With all that barbed wire in the walled prison garden, why didn't it
provide you any security?
Note: I'm well aware 0 days are only one aspect of security.
And I'm well aware that a 0 day that affects everyone is different than a
0-day that only affects three people is different in terms of threat.
That's why I asked, in this thread, for BETTER DATA.
Nobody has it.
Yet.
Then you agree that the CISA report shows that cumulatively iOS has about
1-1/2 times
You keep repeating this phrase, but it is very unclear. Do you mean, "1x to
0.5x" which means at most the same and as little as half? Which is counter
to your narrative. It would also be usually written "0.5 - 1.0 times". You
likely meant something, but wrote it poorly.
Chris - your questions are reasonable so let's look at this from the
simplest perspective, since the main point is Apple locked you into a
barbed-wire prison garden "for your safety" so you'd better be safer.
Right?
The cumulative 0-day count changes every day, so let's use simple round
numbers to explain what I mean by the rough estimate of 1.5 times more.
Over time, let's say there were 100 Android 0-days exploited in the wild.
Then, over that same time, there are 150 iOS 0-days exploited in the wild.
SO the iOS cumulative zero-day count is *always* much greater than Android.
By about 1.5 times (or 150 percent).
This number is consistent because there are a large number of zero days for
both platforms and the count only goes up by a half dozen to a dozen a
year.
So iOS will *always* (in the foreseeable future) have more cumulative
0-days since they'd have to drastically cut down to improve that count.
the total number of known zero-day exploits than Android has.
That may be what is reported in CISA, but as has been clearly described it
is flawed. Any comparative analysis has little validity and can't be
extrapolated to make grandiose claims.
Chris - you claim to have a PhD in the biological sciences, right?
You don't have to tell me that raw data isn't an assessment.
The fact is incontrovertible that iOS has had, over time, 1-1/2 times more
zero days exploited in the wild than Android has had.
Now... let's just look at the huge magnitude of that problem, shall we?
If Apple locked you into the barbed-wire walled prison garden "for your
safety", why does iOS have hugely more 0-day exploits than Android does?
Where is that "safety" you paid so dearly for?
If Apple locked you into that walled prison garden "for your safety", why
do you have 1-1/2 times the number of known zero day exploits in iOS?
Where is that safety you paid so dearly for in lost functionality?
When did I pay dearly for safety?
The fact the iOS device can't do anything every other common consumer
operating system does, such as provide privacy via Tor for one, is where
you're paying dearly.
While Apple's (rather brilliant) marketing sells you on "privacy", it turns
out there is no mobile device *less private* than iOS is, Chris.
And that's only one way you're paying dearly for Apple's claims of safety.
There are a lot more (e.g., an iOS device is so dumb it's shocking).
Re: Comprehensive current zero-day platform comparisons?
Re: Comprehensive current zero-day platform comparisons?