Indeed, a small integer tag seems much more vulnerable than a C++ virtual table pointer.
On modern hardware, how much is the penalty for using magic numbers instead of small indices? (A magic number meaning a constant like 0x85adb9ad instead of 2). The compiler can't optimize switch(it->type) using a jump table, but I suspect that branch prediction and speculation makes this optimization barely relevant.
Assuming this was reposted 'automatically' you should have received an email from HN at the email associated with your HN account telling you that it was going to happen. At least I have received such emails in the past.
iOS has a lot of layers and mitigations both in software and proprietary hardware that aren't found in other systems. Keep in mind that this story would be 20% the length on other systems, because "physical memory read/write primitive" would be a total break.
I should note that PPL is not designed to protect against the kinds of attack described in this article; it's really meant to prevent substitution of forged page tables and by coincidence the address chosen by the author ended up being unmappable due to an attempt to protect against virtual memory read/write in the kernel.
Let’s give an experienced group of hackers nearly unlimited budget to find security holes in your competitor’s products.
There’s of course, zero bias in that approach, none whatsoever. /s
If Project Zero spent even half as much time finding and fixing security exploits in Android as they do just finding exploits in iOS, Google would have a truly competitive product from a security perspective.