Apple fucked up and created a buggy program and then they fucked up again because their automatic update doesn't actually update automatically as soon as the update is live, instead it does so at its own convenience days or weeks later. Oh and they also fucked up at fixing one of the bugs apparently.
Google then makes the exploits public with the end result that there are many devices which are vulnerable.
I see you've included the old, tired but still favorite excuses of security community that the exploits were probably already known by those other bad actors and if not we should anyway be grateful that those bug hunters aren't selling exploits to the global intelligence community...
Except the security community and Google inclusive have no freaking clue who or what has discovered those exploits. And now they're available to everyone.
Why exactly should anyone using iOS be grateful towards Apple or Google here? We're pawns in a stupid game between these companies. In this day and age all software companies should be forbidden by law to release any software that they can't prove secure. And if that means no releases for the next 10 years, too bad.
> Except the security community and Google inclusive have no freaking clue who or what has discovered those exploits. And now they're available to everyone.
They were already available to everyone. You just didn't know about it, and now you do and can take protective measures.
That they were available to everyone is obviously false, since it took a team of skilled bug hunters to find them. The only way to know that other actors were aware of the bugs if there were reports of active exploitation.
Were there?
In any case, the software industry has a nice racket going:
1. Get paid lots of money to develop broken software.
2. Get paid lots of money to find security holes.
3. Expect praise from us customers that version X+1 is still broken, but now in different ways.
No thanks Google, no thanks Apple. The game's over anyway, several unsavory companies have access to iOS zero days, see the Bezos case.
I see you've included the old, tired but still favorite excuses of security community that the exploits were probably already known by those other bad actors and if not we should anyway be grateful that those bug hunters aren't selling exploits to the global intelligence community...
Except the security community and Google inclusive have no freaking clue who or what has discovered those exploits. And now they're available to everyone.
Why exactly should anyone using iOS be grateful towards Apple or Google here? We're pawns in a stupid game between these companies. In this day and age all software companies should be forbidden by law to release any software that they can't prove secure. And if that means no releases for the next 10 years, too bad.