Hacker News

the_harpia_io yesterday at 4:11 PM

decade-old vulns like this are why the 'you're not interesting enough to target' argument falls apart. commercial spyware democratized nation-state capabilities - now any mediocre threat actor with budget can buy into these exploits. the Pegasus stuff proved that pretty clearly. and yeah memory safety helps but the transition is slow - you've got this massive C/C++ codebase in iOS that's been accumulating bugs for 15+ years, and rewriting it all in Swift or safe-C is a multi-decade project. meanwhile every line of legacy code is a ticking time bomb. honestly think the bigger issue is detection - if you can't tell you've been pwned, memory safety doesn't matter much.


Replies

walterbell yesterday at 5:17 PM

> the bigger issue is detection

Apple could do more for device security forensics.

Meanwhile, user app activity goes into "biome" files for theft by malware, https://bluecrewforensics.com/2022/03/07/ios-app-intents/

saagarjha yesterday at 8:07 PM

I’m pretty sure the dyld code involved was written in the last 5 years if not more recently than that