Grsecurity generally focuses on the kernel side of things, although it does include a number of userspace mitigations as well. Still, when you have such ripe primitives, not even Grsecurity can protect you.
What we really need is to just have radically lower bug density. Buffer overflows need to die. UAFs need to be made far less common. The "distance" between vulns needs to be greatly increased. Having design and validation issues sitting smushed between a dozen memory safety issues is just not something you can deal with through software mitigation techniques.
An app like iMessage is just too sensitive (i.e., unauthenticated communication with many image parsers) to be built the way that it is. Fundamentally it just can't be safe without core components being rewritten with memory safety in mind. Grsecurity and other mitigations would be an awesome defense in depth and would be particularly helpful to avoid subsequent privescs, but I'm far more concerned with "anyone can text me an image and own me thanks to 1990s style bugs".
I'm not convinced that that's true. All we know is that one vulnerability was a "buffer overflow" - pretty vague. If this were, for example, an overflow on the heap, which Grsecurity mitigations would even impact it? Improved ASLR? Mprotect restrictions? There are very few mitigations in the Grsecurity patches that even touch userspace in a way that isn't focused on kernel protection.
Maybe if it's a stack-based overflow something like PAX_RANDUSTACK would have had some impact, but it depends.
And in case this at all comes off as me thinking anything negative about Grsecurity, I assure you that's not the case. I proudly wear the "Grsecurity Cheerleader" badge that Spender threw my way over a decade ago.