> memory safety is not a great concern on phones because applications are sandboxed. And that's correct. If an application is stuck in a sandbox it doesn't matter what that process does within its own process space. Smartphones taught us what we already knew: process isolation works.

I thought we learned that this doesn't work after the iOS 0-click exploit chain running "sandboxed" app code in the kernel.