100% - they got away with it because they were small. Hacking Mac OS was unattractive - whereas, hacking iOS is the most attractive target. High gain, low security.
Apple does not have security in its DNA, as is obvious from all these exploits. Apple lives in the past where it was OK to kinda fudge it, to kinda give home apps special passes, to bypass stuff to make the game center work, and so on and so forth. These are all red flags.
Apple's threat model is script kiddies and Russian hacker groups. It's very naive vs real world exploits conducted by state level actors, companies serving state level actors, and a $1M market rate for iPhone zero day p0wn exploits.
In this cat and mouse game, the hackers are leagues ahead at this point - motivated by money and a whole different mindset.
Relying on the app store review process to catch these things is naive. A company that takes security seriously would never even think this way, obviously there's many ways around app store reviews, and hackers who went through all the trouble of finding exploits will find a way around the app store reviews, too.
Apple does not have security in its DNA, as is obvious from all these exploits. Apple lives in the past where it was OK to kinda fudge it, to kinda give home apps special passes, to bypass stuff to make the game center work, and so on and so forth. These are all red flags.
Apple's threat model is script kiddies and Russian hacker groups. It's very naive vs real world exploits conducted by state level actors, companies serving state level actors, and a $1M market rate for iPhone zero day p0wn exploits.
In this cat and mouse game, the hackers are leagues ahead at this point - motivated by money and a whole different mindset.
Relying on the app store review process to catch these things is naive. A company that takes security seriously would never even think this way, obviously there's many ways around app store reviews, and hackers who went through all the trouble of finding exploits will find a way around the app store reviews, too.