alt Hacker NewsIt is fairly true, what is your definition here? The main attack vector today is malicious mails being opened. These usually don't target linux systems and fail to execute.
Sure, it is circumstancial security, but exploits exist for mobile devices as well.
Media decoders are an important attack vector. Examples include PDF viewers and the library that produces thumbnails for display by the file browser. (One way to attack a media decoder is to get the user to open a malicious email, but there are other ways.)
The web browser is an important attack vector, and there are no Linux distros that sandboxes the browser anywhere near as effectively as Android and ChromeOS do except maybe Qubes, but Qubes is stuck using X for the display server and using Zen, both of which have been abandoned by their maintainers and aren't receiving enough maintenance attention to fix security vulnerabilities. I.e., Qubes's reputation for security probably comes from the fact that it was relatively secure many years ago.
Android and ChromeOS use selinux to sandbox the browser. Fedora uses selinux, too, but it only sandboxes server software: any program including a web browser started by the user is unconstrained (unaffected) by Fedora's selinux implementation.
The kernel is another important attack vector (and Linus has always been bored by and impatient with security considerations.)
Ditto the C library. Note that GrapheneOS uses a special, hardened C libary (which in the last few years has migrated to at least one security-focused Linux distro, namely, secureblue, but of course none of the people that show up here on HN proudly proclaiming that Linux is more secure than iOS or Android use secureblue, and the lead of the secureblue project freely admits that MacOS iOS Android and ChromeOS are more secure than secureblue is).
You know how one of the arguments for Wayland is the fact that there is no way to prevent any process from reading the contents of any X window? Well, to actually achieve this "window privacy" inherent in Wayland requires active support from the compositor, and Gnome has the only Wayland compositor that actually provides this support.
Till the vulnerability started getting exploited some time last year, anyone could upload a theme to KDE's theme store that could run arbitrary code when the user chose to install it. No one was reviewing uploaded themes for malware or warning users of the danger.
Hyprland uses a trampoline (files at a known location in the file system that are occasionally executed by Hyprland) for reasons that are hard to explain if we assume that Hyprland's maintainers care anything about security.