[kenferry]

It’s more like, if you send someone a photo, iMessage will decode the photo and display it. If the imaging library has a bug a maliciously crafted image may be exploitable.

iMessage has more integrations than that too. If you send someone a URL, e.g., the recipient will see a preview of the content.

iMessage does a lot to mitigate the attack surface, but people still get through.

[xvector]

Can Apple not rewrite the parsing components in a memory-safe language?

[hjnilsson]

Replacing libjpeg, libpng, h264 & h265 codecs etc. is a gargantuan task. Even if Apple employs another 200 rust programmers (which don't exist in the market – so not possible) it would take years before that project is close to finishing. So intermediate solutions are necessary until then. It is also likely a rewrite would introduce other security issues (not memory safety issues) which would take time to fix.

Rewriting these libraries is probably also a common good, that would be better done through open source initiatives.

[steveklabnik]

There are more than 200 people working on the Rust project itself. Depending on how you define “Rust programmer” there are already companies that employ that number of people individually.

That said you’re not wrong that it’s a gargantuan task that can’t be realistically undertaken, just you’ve really really underestimated the number of Rust developers.

[dannyw]

iMessage is also the only messaging app that triggers all its decode functions upon notification, because of its special privileged status.