My iPad mini 2 is also getting regular security updates, and that was launched 10 years ago . The problem isn't the OS, it's all the apps - even though it is compatible with, and runs Netflix and Disney Plus, both apps crash after about 15 minutes of use, which defeats the point of this iPad for me(cartoons playback device for my kid). It's a shame.
It frustrates me because it seems like the opposite of mindful engineering.
I feel like that's the "we don't give a shit about resources" development mantra for you, banking on the ever increasing hardware limits that everyone will purchase in never-ending ~2 year cycles.
"Ah, it's a nice morning with so many free gigabytes of RAM, calm CPU cycles and sunshine. Let's slap a few questionable libraries and a bunch of chatty analytics modules into the build."
It doesn't help that a lot of major businesses work with contractors and consultants in relatively short-term gigs where feature development is king even if your application is reasonably feature complete. It's hard to improve a complex application if your domain knowledge and technical knowledge isn't quite there due to short time spent at the company (and likely no real personal invest in the product).
Also, in mid to large sized companies, constant unwarranted changes to please a fat layer of middle management which needs to pretend to have some sort of impact may lead to crappy development. Let's just change the UI and UX for the sake of it with 5 additional libraries, 2 more processes so that manager XYZ has something to show for his PowerPoint presentation. Don't you dare work on technical debt and refactoring, we need new features to make management happy!
Excluding possible external dependencies that might have broken or standards that might have changed, what did Netflix REALLY add to their app from a user perspective since it ran perfectly well on the iPad mini 2 in 2014?
If their analytics say that they have 42 people using a 10 year old iPad, they're not going to spend the resources to a) source a similar iPad b) have QA and developers figure out what the issue is and implement a fix.
It's just not cost-effective.
I've heard of cases where mobile game firms have actually given high spenders a new modern device for free instead of dealing with the issues caused by their relatively ancient device :D
We ended up getting a £50 Amazon Fire 7 tablet for that use case in the end, because despite restoring the ipad to factory settings and setting everything up from scratch, it was still crashing in the streaming apps. The Fire 7 is slow but works for the desired use case fine(and even has expandable storage, so I can just download loads of shows off netflix for the kid to watch without internet access).
Even worse. I got an old ipad to share the screen of my iphone. End of story is it doesnt work because apple isnt updating the protocol. Even worse I cant share the internet of my phone because they have different hotspot protocols .
Fuck you apple. Even in the apple universe compability sucks
If you’re looking to project your phone screen onto the iPad, I don’t think that’s ever worked. I have a newer iPhone and iPad running the same OS and they can’t do that either. Only Apple TV boxes and macs can act as screen mirroring targets without third party assistance.
As for the hotspot, I don’t see why the old iPad shouldn’t be able to connect to your phone’s wifi as long as you have “Maximize compatibility” enabled. I think I’ve had circa 2008 devices connect to my phone that way but I’ll have to test to see if I’m misremembering or not.
Can these still be connected to the AT&T or Verizon networks? When I tried attaching one in 2020 they immediately disabled my sim card (irreversibly) and when I called support told me it was much too old and I must get a newer phone (thanks a lot, ATT).
To be fair, this is often the claimed solution with AT&T and at least sometimes I'm certain it's BS (e.g. for a Samsung S10e, Verizon told my elderly friend the same thing last year). Hence my question.
No, they can't be connected to AT&T, Verizon, or T-Mobile in the US. Both of them have shut down their 3G networks so phones that don't support VoLTE won't work (and it seems like carriers don't want to take on the liability of letting someone have a data-only "phone" on their network that can't make calls in case of emergency).
In this case, it's not quite BS from AT&T. They wanted to use the spectrum they had been using for 3G to make their LTE network better and certain old LTE devices couldn't do voice-over-LTE (the 3G network would handle voice communication). One could argue that they could have kept the 3G network alive longer (Verizon and T-Mobile shut 3G down in 2022), but at some point old devices stop being able to talk on modern networks. At some point, there's a balance between keeping old networks alive and being able to reuse that spectrum for more efficient networks that serve the vast majority of your customers.
Many countries still have working 3G networks that the iPhone 5S can connect to and they can still be used as WiFi devices in the US (oh, and I'm sure there are some regional carriers in the US that still support 3G).
> No, they can't be connected to AT&T, Verizon, or T-Mobile in the US.
T-Mobile still has a 2G network operating in most of the country and the 5S supports voLTE so it can use both 2G and LTE for calls. It does not have any low band support, so indoor and rural coverage will suck, but it will work.
Even if it didn't have voLTE it would still work on T-Mobile on LTE data and if you were in a GSM market it would fall back to 2G to make calls. The stores won't activate it, but you can take an activated sim card and pop it in and they will not blacklist it.
T-Mobile technically still has 3G broadcasting on their femtocells so that's another option for calls/data if you're around them.
It's often not a matter of technical feasibility, but "is it on the list". Ideally things that could technically do it should be "on the list" but in reality it's probably a janky business process that decides what gets in and what doesn't.
It’s not a US-wide thing. There are mobile operators and MVNOs that don’t seem to care what device you use as long as it supports their network. T-Mobile in the US tends to be fine with this, as are many of the MVNOs that use their network. It’s common to use devices especially from other regions that don’t support the cellular bands used in some newer coverage areas, etc.
I suspect the policy is to slowly force everyone to 5G (and every successive generation) ASAP because they make more money per line due to lower cost to serve each device (more connections served per base station translates to needing less infrastructure and a better COGS ratio).
I'm all for cynicism, but it really is true that spectrum is a limited resource and turning off 3G service means you can repurpose that spectrum for newer standards. If we never shut off old generations of wireless standards, eventually the spectrum would run out and we could never upgrade anything.
I also don't really understand what you mean by "slowly force everyone ASAP". That's sort of a self-contradictory phrase.
I like what I've heard European carriers are doing. Leave 2G GSM up in the smallest block possible. Turn off 3G, mix LTE and 5G as appropriate (I think they're easier to mix within a band than earlier standards).
Almost everything supports GSM, so almost everything can manage, and then nobody needs to throw out their 2G only (or 2G/3G) car junk or power meters or who knows what else. Yeah, it's going to be slow, but whatever; people who want something better can upgrade in most cases, and the 2G usage can't be that high anymore. Carriers could even gasp cooperate and allow roaming on 2g, so you didn't need three of four different networks each spending a sliver of spectrum on it.
Back around when AT&T was first making noises about killing 3G and telling me I needed a new phone, I bought a T-Mobile prepaid SIM just to try it out. When I put the SIM in, the phone lit up like a Christmas tree with features that AT&T wouldn't allow (because it was a non-carrier phone). I since switched over and haven't looked back. Course it also helps that I've now got a T-Mobile tower on the same hill as my house, 1/4 mile away, and I live in a pretty rural area. So it's as if I have my own private tower. I regularly get 700-800mbps down on my phone at my house.
Living in a rural area, proximity to tower is just huge. We have the choice of either HughesNet for internet or pointing a Waveform antenna at a T-Mobile tower 7 miles away. We get 40 down and 2 up with the Waveform which is enough for zoom calls and is way more capable than HughesNet. If we didn’t have line of sight to the tower it would be so much worse.
I don't think I'd use those words to describe locked down hardware. You'd be stuck with a 5+ year old browser that you can't upgrade because Apple bans other browsers from running on iOS, you wouldn't be able to install modern apps because the App Store stopped distributing packages that are compatible with your phone and Apple won't let you install apps any other way, and you can't install a modern OS of your choosing to address either of the first two issues. You're also stuck with old or non-existent drivers for any hardware you might want to use.
Meanwhile, I have 12+ year old Macs that still work great, have up-to-date browsers, can install any app, and can run the same modern software that my 6 month old machine can.
iPhones make sense from a reduce and reuse (as an egg timer) standpoint. Apple can clearly build products that can stand the test of time and still be genuinely reusable, but those products aren't iPhones.
> you wouldn't be able to install modern apps because the App Store stopped distributing packages that are compatible with your phone
As of at least 2 years ago, I was able to dust off an old first gen iPad from 2010 that last got updated in 2012, reset it and log on and download the “last compatible version” of apps like Netflix, Crackle, Hulu, Plex, and Google Drive.
> You'd be stuck with a 5+ year old browser that you can't upgrade because Apple bans other browsers from running on iOS
You never tried browsing modern websites on older iOS devices have you?
> You never tried browsing modern websites on older iOS devices have you?
I have, it's how I learned that WebP images still weren't safe to use because Safari didn't support them until ~2020. Encountered a lot of pages that were just blank white documents, assuming it's because they failed to render the markup or whatever frontend frameworks they used weren't compatible.
I'm basing my post off of my experiences of trying to reuse old iPads.
What you can use it on does deteriorate though, since tons of new apps require iOS 14 or 15 to even run, and if there is an app with an iOS 12 version, it might just be out-of-date with the remote UI. I suppose that, if your use case for a phone is running the apps and websites of "today", then you must upgrade at least somewhat regularly.
The iPhone 6S (and the OG iPhone SE) still run iOS 15, so should be usable for maybe 2 more years. It was released in 2015, so could come close to 10 years of practical use. Note all iPhones fare equally well, but you should probably be able get 6+ years out of any model.
The point of comparison are Android smartphones and those only used to get 1-2 years of updates. This is slowly changing with G. Pixel, S. Galaxy, and OnePlus providing a couple of major Android feature updates and ~4 years of security updates, but this still falls short of Apple's current 6 years of feature (iOS) updates. In that context iPhones make more sense from the "reduce" perspective if they're kept in use for the entirety of their useful life.
The apps you've already had installed continue to run just fine. The device is getting security updates so you don't have concerns there and the device was built rugged enough to still be used years later.
Can you run all the latest apps? Maybe not, but are you confident any device you currently have can run the apps that will be released ten years from now? In the case of Apple you know that the apps you're running right now you'll still be able to run ten years from now. That's the difference, and for a lot of people that's perfectly fine. There are still a lot of people quite happily running their early gen iPads, for instance. It still does everything they need it to do.
Where Apple is setting themselves apart is not forcing you to buy new hardware because you need critical security issues fixed. If you want new functionality and features, sure, you may need to buy new hardware - but you shouldn't have to buy new hardware to get security vulnerabilities resolved.
In theory, but in practice it doesn't work. I have an iPad Air 1 stuck on iOS 12 and it's basically useless since probably 75% of the apps you might want to install either refuse or don't work. All things that worked fine during its supported lifetime.
I only use it as a web development testing device since I like to maintain compatibility with older devices even if the userbase is trivial.
I have an apple watch series 3 bought within the past two years. Using it prevents me from using E2EE icloud backups: a feature I badly want. No technical explanation is given as to why this is the case and I fail to think of one. What does come to mind is: new feature is a carrot to buy new devices.
I don’t want to blame you for a situation that Apple intentionally made confusing, but there is no reason you should have bought that device in the last four or so years. It was pretty clearly on the road to being obsolete sooner than later, and unsurprisingly it lost support pretty much the day Apple stopped selling it.
I have the same watch, same issue. Just discovered it tonight while trying to enable E2EE. Presumably it’s because the 3 doesn’t receive watchOS updates anymore as a discontinued product, so it can’t participate in the new E2EE “pipeline”
It might become the norm, but probably only via EU legislation. The EU is proposing 3 years of updates and 5 years of security updates. We'll see if it happens.
Without legislation, it probably won't become the norm. With Apple, they know they will capture the value of future device purchases since if you want an iOS device, they're the only seller. Margins can be better since they're the only seller which leaves more money to support the product long term. Long-term support positions them as a premium product.
One of the big issues is that Google can't patch an issue and then push it out to everyone. They need buy-in from phone manufacturers and even carriers who have customized Android. Apple doesn't need any coordination. They can update iOS when they want to and they control all the hardware it's running on.
Yes, you'd think that competition might lead people to become loyal to one Android manufacturer if they provided longer-term support, but I think the ecosystem encourages shopping around for the best deal/promo rather than brand loyalty and money spent on long-term support makes products more expensive.
I think part of it is even a different market segment between iOS and Android. I think a lot of iOS users are people that want something that just works that they don't have to worry about and are willing to pay for a premium product that does that. I think Android users are split between power users who want to upgrade frequently (negating the utility of long-term support) and low-end users who don't care or need to prioritize purchase price over updates/security. Again, needing 2-3 parties involved for updates makes them more expensive, more difficult, and less likely to happen.
Part of it is simply the Apple experience. Apple Stores aren't cheap. Apple could use cheap materials and try to build stores that look and feel like most retail. That's not their game. They're looking to sell a premium experience and part of that includes long-term support. Of course, that comes with a price. It's easy to find $100 Android phones, but not $100 iPhones.
> Of course, that comes with a price. It's easy to find $100 Android phones, but not $100 iPhones.
A $1,000 Android phone will likely be slower and supported for less time than a $400 iPhone, however. Most of the Android users I know spend the same or more on their phones, they just have to replace them more frequently.
This means that the price comparison is usually the iPhone 1-2 generations back - for example, if you were considering a Samsung Galaxy S22 you could get a faster CPU with a $100 iPhone SE (2nd generation) rather than the current model.
A $350 Pixel 6a would be as fast for any tasks as any current iPhone and would feel faster due to really slow iOS animation and scroll speed. It would also have a better camera than any current iPhone according to mass consensus in MKBHD blind tests (it won the first place). After Apple stops supporting the iPhone, Pixel will chug along on GrapheneOS or similar.
I am looking for such a phone so I looked into this. To make a comparison to the 6A: the Pixel 3A was released in May 2019. Just over 3 years later: it is no longer supported (no updates available) by Google in any way . GrapheneOS lists it as "obsolete" .
I did look a bit more and it does appear LineageOS could work as a long-term alternative OS. I'm a bit hesitant after reading about some of the difficulties imposed by missing google's Playstore and "Safetynet" (sounds like my banking app won't work) but will explore using this on the 6A.
Look, it's okay to have a side you root for due to emotional reasons but this is just silly. When the Pixel 6a was introduced in 2022, its performance was somewhere in between the 2017 iPhone 7 and the 2018 iPhone XS. No magical thinking about "scroll speed" is going to make up for that underlying performance gap.
Since this is a technical forum, I am going to plug the blog post Alex Russell (not usually described as an Apple fanboy) made about real-world performance for web developers. One of the challenges we have is that normal people hang on to phones for a while and that's especially true for people who buy cheap phones since they often can't afford to buy a new one every year. When a developer testing on an “old” iPhone has a browser which runs code faster than the current flagship Android phone (iPhone XS ~= Galaxy S22), that means that they effectively have no idea what the web is like for a person using a $200 phone which they've had for a few years. There's a great chart here:
Now, the Pixel line does have a decent camera so that's potentially a plus but it's not really relevant to the device's capabilities or long-term support situation. It's also unlikely that a single test is telling you that such an old sensor is really the best thing in the world rather than Google's ML pipeline is good at adjusting images to make them appealing to phone users.
CPU doesn't matter, all the users do these days is consume content using native apps, what "heavy" web sites do you use on daily basis on your phone? I wasn't talking about specs at all, but it's nice to see iPhone users using specs to defend their choice for once (but remember, it still doesn't matter how much memory iPhone has). Yes animation and scroll speed does indeed make modern Androids feel significantly faster, that's a very common complaint for people switching to iOS on Reddit and same reason I couldn't do it.
Also, sensor doesn't matter, what matters is millions of people watching MKBHD channel think Pixel 6a makes better photos than 14 Pro Max, regardless of sensor.
For $400 you can buy a touch ID SE with 60Hz screen and camera that is ages behind what $350 Pixel 6a will give you. Ultimately it doesn't matter what you use I just hate the Kool aid "Apple has no competition" thinking, it's not like that and never was since at least 2016. Even price alone there are more expensive android flagmans than iPhones and some people go that way, so it's not just poor people choice or whatever Apple elitists tend to think.
CPU does matter, as even a little research will show: having a CPU which is twice as fast means that the most common thing people do - use the web & “native” apps which use web views - is noticeably faster. It also makes your battery last longer.
> Also, sensor doesn't matter, what matters is millions of people watching MKBHD channel think Pixel 6a makes better photos than 14 Pro Max, regardless of sensor.
The number of views doesn’t mean that everyone voted (at 5-15 minutes per test, I’d be surprised if it was anywhere near), and it especially doesn’t tell you that a camera is better in absolute terms. His test methodology is randomized, which is good, but it shows small images side by side and they’re not perfectly consistent on composition. That favors certain types of image: higher contrast, brighter colors get the quick wow, very few people are likely to zoom in enough to notice noise or loss of detail, and that last part is especially important as ML processing becomes the norm - one thing people have commented on are the subtle processing artifacts (often described as smudging) that can produce which aren’t obvious at first glance.
That doesn’t mean that this is wrong: a ton of photos are never viewed at larger than the Facebook/Instagram default thumbnail size, and punchier photos stand out in those galleries, but it says that a single test giving a single ranking is incomplete. There’s also a selection bias concern: his audience skews towards Android users who are going to be accustomed to the camera, processing, and color matching of those devices. Familiarity matters a lot when you’re making a ton of rapid comparisons.
> For $400 you can buy a touch ID SE with 60Hz screen and camera that is ages behind what $350 Pixel 6a will give you
Ah, yes, through my amazing power of getting data rather than assuming that my preferred brand is best, I can see the iPhone SE’s 60Hz screen pales before what Google calls “up to 60Hz”:
Sigh, I was sure 6a had 90Hz screen, I apologise, should have checked (probably kept thinking of regular 6, but that's more than 400 and a worse deal). You're likely right on your other statements as well, have a nice day.
Ha! I just retired my Mom's 5S and got her an S22 for Christmas. And a pre-paid plan too the phone company was consonantly sending texts suggesting she change to monthly.
That thing was a tank it was OK until about a year ago then the battery got noticeably worse. Not bad for someone who always let it die all the time always charge only when 0%. She almost always used it just for voice calls a few texts no web (no data plan).
No OS updates for a while too. So it was risky I thought to keep it going. Android is much easier to deal with. Although the ringtones and notifications are all different she has to now learn after almost 10 years of iPhone to new sounds by Samsung.
Samsung promises updates to the S22 for five years after introduction (which means until February 2027 assuming we're talking about the standard version introduced in the beginning of 2022 and not a later model).
Let's not give Apple too much credit here. There's some documentation out there about how older iOS machines don't get _all_ the security fixes. I think they get fixes for the biggest issues that get uncovered, but it seems pretty piecemeal.
Definitely better than most Android operators though, at least that's my impression.
Apple makes no promise of support for any of its products and never has.
I would much rather use an Android device from a manufacturer or a desktop OS from Microsoft that is actually up front about their support lifecycle, than go with Apple that does not publish this at all.
Some Apple devices have had much longer support lifecycles than others, and I don't think that's OK given how expensive their devices are.
An iPhone 6 was supported through 5 major iOS versions (including the version it was shipped with).
An iPhone 6S released a year later was supported for 7 major iOS versions.
An iPhone 7 released a year later again was only supported for 6 major iOS versions.
This wasn't documented anywhere when people bought those devices.
Security updates for older iOS devices and macOS versions are sporadic and often incomplete.
Samsung announced that their mainline phones and tablets from 2019 onwards would receive at least four years of security updates. We are now entering the fifth year of the life for the oldest of those devices, so we can already see what they actually delivered. No need to cast aspersions.
You are saying it as 10 years of updates is a norm with Apple phones, but it's not. If you read the article, it says that they believe their security issue might have been 'actively exploited'. Companies do release security updates in these exceptional cases to old phones. They don't give a 10 years 'guarantee', yet.
The Android phones I had so far never got anything beyond 3 or 4 years. I have an Apple 7plus that's turning 7 this year and pretty sure that won't be the end of it. It still gets regular security updates. As in every other week.
When iPhone started, it only got two years of updates. Then some got 2, 3, 4 or 5 years of updates. Android is fundamentally different and has to support thousands of devices, if a manufacturer is still giving 5 years of guaranteed updates, it's great, and this will only get better with time.
"Android's" track record? Are you sure you don't mean a particular manufacturer or OEM's track record? Because every company that makes Android phones does it differently. Here, Samsung delivered more than they promised:
Google has been reliably delivering OS and security updates for the promised timeframes on their Pixel phones. I've run a few different models out to the end of their promised support window and updates were timely for the duration.
My Galaxy A51 just got Android 13 and the corresponding security update for January and this was a mid-range Android phone first released over 3 years ago. It's supposed to get more security updates after this although no more full Android versions (not like I can really tell anyways). So yeah, there are Android phones with more than 18 months support.
They length of time an update is supported isn’t the time from first release, it’s the time from last sale.
If a phone is sold for two years, and I buy that phone at the end up the two years, then “two years of updates” means a day one purchaser will get four years of updates.
So while it’s nice that we can say “almost ten years old”, the reality is probably not more than seven years.
It’s why when you look at android manufacturers making update promises you need to make sure that they’re being honest, and similarly any legislation needs to specifically say that the mandatory update support period starts after the last sale of the device.
I dunno how things are now, but a few years back duration of updates were certainly linked to first release, not last sale, for at least most major manufacturers.
As an example of this:
In April 2019, I needed to rapidly obtain a device, and purchased a Samsung Galaxy J1 (2016) from a major retailer in Australia. I later discovered that this model had already been EOL for over a year when I purchased it. (It was released with 5.1.1, got its last security patch in November 2017, and was actively unsupported no later than March 2018. The handset should very obviously have been updated to Android 6, if not released with it—Android 6 was announced and in beta 7½ months before, and was the stable release 3½ months before, the handset’s January 2016 release.)
If a company is selling something and says "X years of support", that means X years of support, not "until date Y" where Y is date of release + X.
If android manufacturers are saying "X years of support" when they mean "supported until [some date]" then they are quite plainly false advertising.
I can find many sites that say that apple commits to 5 years of software support from the date of last sale, but I can't find anything on apple.com that matches that. I've found that they guarantee 5 years of hardware support (repairs, etc) from date of last sale, and then a further 2 years subject to hardware availability (presumably they stop purchasing/manufacturing parts). Note that I'm not talking about warrantee coverage (which varies but seems 1 year is standard?) just the actual ability to do repairs.
Based on this article and various others over the years, and the vast array of spammy infographic laden sites making up the first page of google search results, it seems like claims of ~5 years of major updates and a few more for security only is consistent, but again I can't find anything on apple's site to confirm that explicitly.
This gives the attacker control over the “renderer” process that handles the webpage inside a secured sandbox. So, the attacker has to then exploit the sandbox itself to gain more permissions. The renderer communicates with the parent browser process over IPC, and there are a lot of objects and communications channels between the two. So, a second bug in the browser process can be exploited by the (compromised) renderer process via IPC. Once successful, the attacker has full control over the browser and can do anything the browser can. Sometimes this is enough for the attacker; other times, they might exploit a third bug in the OS kernel to gain root access and thoroughly own your phone.
A JIT is not, by itself, unsafe. The problem is that maintaining the complex set of constraints and invariants necessary to generate both safe and performant code is extremely difficult, and one slip-up can mean generating code that breaks some invariant and escapes a safety boundary.
You can have simple JITs that are completely safe: they generate code to bounds- and type-check unconditionally and avoid fragile optimizations. But, if you want to go faster, you have to start dropping checks and performing aggressive optimizations (peephole, inlining, object layout tricks, …) and every new optimization is an opportunity to make a mistake.
PAC and friends are an effort to make the hardware support certain checks more efficiently. But again, as they are an extra check, there’s always the chance that they’ll be slower than the unchecked alternative; if so, you can bet that one day an engineer looking to get a 0.5% perf gain will try removing those checks (“safely”) and we’ll be back to square one.
> A JIT is not, by itself, unsafe. The problem is that maintaining the complex set of constraints and invariants necessary to generate both safe and performant code is extremely difficult, and one slip-up can mean generating code that breaks some invariant and escapes a safety boundary.
I mean… isn't that what unsafe means? A "memory-unsafe" language means a language it's possible to make a mistake in, not one where memory errors happen all the time.
The statement that a JIT is itself unsafe is tantamount really to saying that “compilers are unsafe” or even “interpreters are unsafe”. All a JIT really is is a way to execute code.
As an example, the Rust compiler has some [60+ open unsoundness bugs](https://github.com/rust-lang/rust/labels/I-unsound), meaning that there are many, many ways that a sequence of ostensibly safe code could be compiled into an unsafe executable (i.e. one which exhibits an unsafe behaviour like a double free). If you allowed malicious users to run Rust code on your machine, even without unsafe features and a limited standard library (as the case with JS in the browser), they could take advantage of these compiler bugs to escape Rust’s safety guarantees and whatever protections you put in place. And these bugs exist even though Rust itself is a safe language, and even though much of the Rust compiler is itself written in a safe language.
As your current sibling comment points out, most vulnerabilities are in the JIT. It’s certainly possible to exploit the browser itself with unsafe code it may be running, but a lot more probable that exploits take advantage of the runtime compiler(s) hosted by it. Rewriting even all of WebKit in Rust might benefit at the JIT level but it very well may not, because ultimately it’s still a hosted compiler for an arbitrary dynamic language.
Breaking the JIT is just the first step for most browser exploits. The JIT lives in the renderer process, which is heavily sandboxed in modern browsers. To do anything useful, an exploit usually has to compromise the browser process with a second bug (“sandbox escape”). Rewriting the browser part in e.g. Rust would be a great step towards closing off that avenue of attack.