Re: Comprehensive current zero-day platform comparisons?

Marion <marion@facts.com> wrote:

 
 
Now... having said that, I do get your point which is that it's raw data.
Sure. It's raw data.
 
But it's good raw data.

That's a matter of opinion.

One resolves to an incomplete for many reasons catalogue. The other to a
blog post of an analysis by an expert group.

 
Chris - you claim to have earned a PhD for God's sake.
You never heard of a bibliography?

A bibliography requires a thesis. You have no thesis. Therefore a
bibliography is meaningless.

Try this 2021 bibliography entry:
 <https://citizenlab.ca/publications/>
 "Citizen Lab's body of work is the gold standard for identifying
  and dissecting state-sponsored zero-day exploits, especially
  against iOS (though they find Android ones too). Their reports
  are meticulously researched, detailed, and often involve reverse
  engineering of actual zero-day exploits. They reveal how many
  specific, critical zero-days were found and exploited on iOS
  devices (e.g., their "FORCEDENTRY" or "PEGASUS" reports often
  involved chains of multiple zero-days)."

Case in point. That link is just a list of articles and the supposed quote
doesn't exist at that URL. You are the very definition of baseless.

There is a *lot* of raw data and analysis in those links, right?
That's what this thread is asking other people for help in finding.
 
I simply want more raw data, and/or better analysis of that raw data.
 
We'd have to compile their findings to get a sense of numbers over time,
but the quality of their data is top-tier. For example, their recent (June
12, 2025) "Graphite Caught" report confirms another zero-click iOS 0-day.
 

If any of us had better data, then that's what we'd be discussing.

 
Your problem is that you're over interpreting the data, calling it "facts"
and then getting emotional when someone disagrees.

 
Now that's a *different* thing altogether.
As long as you don't flatly brazenly deny facts can exist, I'm OK with it.
 
If I dumb down the analysis to the lowest level, it agrees completely with
Paul's commentary that there is MORE DATA than just the raw data.

Yet more evidence that you didn't read/understand Paul's post.

Then you agree that the CISA report shows that cumulatively iOS has about
1-1/2 times

 
You keep repeating this phrase, but it is very unclear. Do you mean, "1x to
0.5x" which means at most the same and as little as half? Which is counter
to your narrative. It would also be usually written "0.5 - 1.0 times". You
likely meant something, but wrote it poorly.

 
Chris - your questions are reasonable so let's look at this from the
simplest perspective, since the main point is Apple locked you into a
barbed-wire prison garden "for your safety" so you'd better be safer.
 
Right?
 
The cumulative 0-day count changes every day, so let's use simple round
numbers to explain what I mean by the rough estimate of 1.5 times more.

So by "1-1/2" you mean 1.5. And you call yourself an engineer?! lol.

The "-" symbol is only ever the range or minus operator. Never a decimal
point.

Over time, let's say there were 100 Android 0-days exploited in the wild.
Then, over that same time, there are 150 iOS 0-days exploited in the wild.
 
SO the iOS cumulative zero-day count is *always* much greater than Android.
By about 1.5 times (or 150 percent).

I mean, that's poor data analysis. You're extrapolating from a rough
estimate. Actual numbers matter. Why not use them?

I also cannot see how you've got your 1.5x number either from the source.
Show your workings.

This number is consistent because there are a large number of zero days for
both platforms and the count only goes up by a half dozen to a dozen a
year.

That's an annual change of 50-100%. Which is huge.

So iOS will *always* (in the foreseeable future) have more cumulative
0-days since they'd have to drastically cut down to improve that count.

Well iOS has had 1 zero-day in total over 2024 & 2025 whereas Android has
had 6. That's a pretty drastic difference. If we believe those numbers in
CISA to be absolutely comparable. Which we don't.

Where is that safety you paid so dearly for in lost functionality?

 
When did I pay dearly for safety?

 
The fact the iOS device can't do anything every other common consumer
operating system does, such as provide privacy via Tor for one, is where
you're paying dearly.

You're making many assumptions on my - and others - motivation for buying
an iphone. Unsurprisingly you're wrong. Again.

There are a lot more (e.g., an iOS device is so dumb it's shocking).

You're the only shockingly dumb thing involved in this topic.