[ghughes]

Rewriting would introduce new bugs; it would take a large number of engineering hours away from delivering shiny new things; and a formally correct version would probably be less power-efficient.

It won't happen because these targeted attacks don't affect the bottom line whatsoever. Nobody is switching to Android just because a journalist or NGO employee occasionally gets pwned.

[alkonaut]

It doesn’t really matter if there are 100 new bugs for every memory unsafety bug fixed. Those new bugs in an image codec would be hangs/crashes or incorrect rendering and that’s it. And that might be serious but it’s not a security vulnerability.