1. Forum
  2. Newsgroups
  3. comp.mobile.android

  • Important distinction between Android & iOS about zero-click kernel exploits

    From Marion@mariond@facts.com to misc.phone.mobile.iphone,comp.mobile.android on Wed Oct 29 11:36:50 2025
    From Newsgroup: comp.mobile.android

    FACT:
    There is no publicly disclosed, independently verified Android kernel zero-click exploit attributed to Pegasus/Chrysaor comparable to the iOS
    kernel zero-click chains. Published technical analyses of Pegasus for
    Android document implants and privilege-escalation techniques but do not publish a confirmed Android-kernel zero-click chain.

    FACT:
    Android has many publicly disclosed kernel vulnerabilities and
    non-zero-click (staged or user-interaction) exploits, and technical reports
    on Android Pegasus document staged privilege escalation; however, none of
    the primary, independent technical reports publish a verified, fully remote zero-click Android kernel exploit attributable to Pegasus/Chrysaor, while multiple authoritative reports document iOS zero-click kernel chains.

    REFERENCES:

    iOS zero-click kernel exploits are well documented in the public record. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
    https://citizenlab.ca/2021/12/forcedentry/

    Android zero-click kernel exploits are not known to exist in any public analyses of Pegasus/Chrysaor exploits (which requires more references): https://www.forensicxs.com/wp-content/uploads/2021/05/lookout-pegasus-android-technical-analysis.pdf
    https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
    https://tech4humanitylab.clahs.vt.edu/wp-content/uploads/2025/03/Occasional-Paper-1.pdf
    https://www.slideshare.net/slideshow/lookout-pegasusandroidtechnicalanalysis/74542989
    https://arxiv.org/pdf/2404.19677.pdf
    --
    I don't defend iOS nor Android - as all I do is say the truth about both.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marion@mariond@facts.com to misc.phone.mobile.iphone,comp.mobile.android on Fri Oct 31 19:54:16 2025
    From Newsgroup: comp.mobile.android

    Chris wrote:
    Lack of evidence isn't proof that something isn't happening.

    Classic *desperate* excuse by Apple trolls who hate the truth about Apple.

    It's clear that you Apple trolls *hate* that Apple brazenly lied to you.
    You're *desperate* to find a way to claim the kernel is NOT insecure crap.

    Trust the world, Chris, that if the Android kernel was as insecure as the
    toxic iOS kernel to zero-click exploits is, the world would talk about it.

    Zero-click pegasus/Chrysaor exploits just do not exist on the Android
    kernel. They only exist on the garbage insecure iOS crapware kernel, Chris.

    The point is not that the iOS kernel is well known to be insecure crap.
    The point is Apple locked you up in the iOS prison "for your security".

    And yet, you got no security.
    Why not?

    Apple lied.

    As for Android exploits, there are more recent reports on Pegasus targeting Android, but none publicly document a verified zero-click Android kernel exploit attributed to Pegasus. The newer analyses continue to emphasize privilege escalation and delivery mechanisms, but still fall short of confirming a fully remote, zero-click Android kernel chain.

    Unlike you Apple trolls who can't seem to find a search engine, I looked
    far and wide and while it's trivial to find iOS zero-click kernel exploits
    by Pegasus, nobody on the planet has yet reported the same for Android.

    MAG212 (Aug 2025)
    While it confirms Pegasus's ability to compromise Android devices, it does
    not document a zero-click Android kernel exploit. It reiterates that iOS infections often use zero-click chains via system parsers like iMessage and ImageIO

    ThreatCure (Jan 2025)
    Details Pegasus deployments exploiting WhatsApp zero-click vulnerabilities. However, the report focuses on application-level exploits, not kernel-level chains. It does not attribute any Android kernel zero-click exploit to
    Pegasus

    iVerify Report (Dec 2024)
    Identifies Pegasus infections bypassing Apple's threat notifications, again emphasizing iOS zero-click chains. Android is mentioned, but no
    kernel-level zero-click exploit is documented

    HAL Archive (2025) and arXiv (Apr 2024)
    These academic papers analyze Pegasus's implications for digital privacy
    and security. They discuss Android infections and privilege escalation but
    do not publish any verified zero-click Android kernel exploit chains

    REFERENCES:

    MAG212 (Aug 2025) https://mag212.com/data-breaches/pegasus-under-the-hood-how-zero-click-spyware-lands-operates-and-how-to-fight-back/
    ThreatCure (Jan 2025) https://threatcure.net/analytical-report-pegasus-spyware-deployments-targeting-whatsapp-in-january-2025/
    iVerify Report (Dec 2024) https://cybersecuritynews.com/pegasus-spyware-used-widely-to-target-individuals/
    HAL Archive (2025) and arXiv (Apr 2024) https://hal.science/hal-04614882v1/document
    https://arxiv.org/abs/2404.19677
    --- Synchronet 3.21a-Linux NewsLink 1.2