
Coverage-guided fuzzing is extremely powerful and has proven to be very effective at finding oodles of vulns. But it is not perfect. You'll fail to drive the code to a bug or run into limitations of the sanitizers to actually detect a vuln.

You can stand up fuzz targets at all of the relevant endpoints and throw tons of compute at it and still fail to find lots of things. The problem is unsafe languages. Apple is taking steps to get things moved to Swift, but it is slow going.


