This is true, but becoming an increasingly less important factor because devices now ship with automatic updates enabled by default.
Personally, if I had to guess as someone who studies exploits for a living, I’d wager the device isn’t the most recent model and is probably a few years old, so there are likely known unpatchable bootrom or firmware bugs that can be used from their private arsenal without having to risk an actual zero day exploit.
Easier is a very relative term. It’ll be really expensive to use a genuine zero-day to do it. Such exploits are few and far between.
But known exploits that have been patched, but not applied because they didn’t update their phone, are plentiful enough.
Update your phones. Reboot them regularly, too.
This is true, but becoming an increasingly less important factor because devices now ship with automatic updates enabled by default.
Personally, if I had to guess as someone who studies exploits for a living, I’d wager the device isn’t the most recent model and is probably a few years old, so there are likely known unpatchable bootrom or firmware bugs that can be used from their private arsenal without having to risk an actual zero day exploit.