Nice list, but I'm just failing to see how this makes Windows any more of a Swiss cheese than macOS especially in its current state is. All systems of this level of complexity are bound to have vulnerabilities, and what matters is the ease of exploitability and the extent of damage, plus how fast they are patched (this is something where Apple deserves kudos on the passwordless root issue, but not so much in the Rootpipe case where relatively fresh versions were left unpatched). On this scale e.g. passwordless root login is rather severe. And of course there are more vulnerabilities listed for Windows in Exploit DB as it also includes 3rd party applications that run on the platform. There's quite a deal of those on Windows. If you look for them, there's plenty of macOS vulnerability information and hacking techniques available, so by that measure it falls into the same Swiss cheese category. Some examples:

https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf

https://www.macrumors.com/2017/03/16/researchers-macos-safari-exploits-pwn2own-2017/

https://arstechnica.com/information...-x-comes-under-active-exploit-to-hijack-macs/

https://en.wikipedia.org/wiki/Rootpipe

https://www.cso.com.au/article/6280...keychain-hacked-secdevops-gets-reality-check/

https://thehackernews.com/2015/09/hack-macos-gatekeeper-security.html

I like the Wardle List! REALLY Cute presentation; but out of date, and a lot of third party vulns included.

BTW, I selected only Google Hits from 2017 (and only from the first page) for the Windows stuff I linked. In contrast, the blackhat, Ars Technica articles were from years prior to 2017. So, you obviously had to "dig deeper" to find examples... Hell, the blackhat slideshow had to start back at the Apple ][ !!!!! And Rootpipe, while definitely hanging-around TOOOOO long, is also ancient-history, being finally successfully patched in 2015. Similarly, the Gatekeeper vuln. is from 2015, as well (blows dust off of links...)

And yes, I admit that big list on my first Windows link had a lot of third party (and even other platforms!) stuff listed; but you are listing a lot of third-party vulns, too... (Jus' Sayin'...)

In the pwn2own contest, Targeting Safari, while an Apple App, is not the same as targeting macOS itself. Hardly comforting to the pwnee, though!

So, I'm sorry; but while macOS isn't bulletproof, I still submit it has a MUCH better track-record overall than ANY version of Windows, up through, and including, Windows 10.
 
Or it could be that the moment this got released, users of 10.12 everywhere that knew about it tested it and found it was not affected...?

Let's be honest here - this thing has gone global - the fact that there's been something like a 99% success rate of exploiting 10.13 (I'm one of the very few who apparently have a secured High Sierra box even before this broke), and that we're at close to ZERO reports of 10.12 - yeah, pretty damning evidence that this doesn't affect 10.12...
I'm going to test this out on some old devices and report back.
Had exactly the same pesky problem and, presto, solved!

To remove "Other..." I used the Terminal command:
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
(Note: You will be challenged for the Admin-rights password)

And, presto, peskiness removed.
Thanks.

This also seems to work: Enable or disable the root user https://support.apple.com/en-au/HT204012
 
Local access to a corporate workstation isn't that big of an issue if everything is locked out with other logins. Plus those developers are probably working on open source projects so any data stored locally is probably not that important. Not a big deal. Apple shouldn't even prioritize fixing this.

Any vulnerability that allows this kind of access should be addressed immediately, even if you are waking people up in the middle of the night. Regardless of whatever other steps are in place on your network. It is irresponsible to do otherwise. You're basically telling your company/organization/whatever that you can't be bothered to do your job. Thank god Apple has chosen to address it quickly.
 