
Lockdown is literally presented by Apple as being for people targeted by APTs like those developed by NSO Group, therefore I expect it to prevent attack vectors used by these APTs, like exploitation of the Developer program to facilitate sideloading malicious apps. I don't feel like this is an unrealistic expectation, and not having the mode actually do that amounts to security theater, which is a far cry from decrying everything as such.


> I expect it to prevent attack vectors used by these APTs

It does, it just doesn't close all attack vectors used by APTs.

They say[0]:

> Turning on Lockdown Mode [...] further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

They don't say "turn this on and you'll be unhackable". They go on to say:

> Apple will continue to strengthen Lockdown Mode and add new protections to it over time.

So what they released in the current beta is just the start. They decided that releasing Lockdown mode with only some additional protections would be worthwhile to at-risk users and I personally agree. It's both true that Lockdown likely helps at-risk users (see reply by _kbh_) and still has lots of room for improvement.

[0]: https://www.apple.com/newsroom/2022/07/apple-expands-commitm...


> It does, it just doesn't close all attack vectors used by APTs.

It's an ongoing problem with the pathological Apple-haters that they imagine that Apple says or promises something, and spread that falsehood all over the internet, when in reality Apple promised no such thing. They see what they want to see.

In addition to the thread above, another example is the dozens and dozens of times on HN where they claim that Apple promises that its app review process will keep 100% of malware out of the App Store. Apple doesn't make that claim. It says that app store reviews help prevent malware.

It's like discussing politics at the Thanksgiving table. People hear what they want to hear.


> Lockdown is literally presented by Apple as being for people targeted by APTs like those developed by NSO Group, therefore I expect it to prevent attack vectors used by these APTs, like exploitation of the Developer program to facilitate sideloading malicious apps. I don't feel like this is an unrealistic expectation, and not having the mode actually do that amounts to security theater, which is a far cry from decrying everything as such.

These APTs overwhelmingly use RCE vectors that are less obvious than sideloading apps; iMessage is probably the most popular, and I would hazard a guess that other popular messaging applications (WeChat, Signal, Telegram, etc.) and Safari would be next.



