Why hasn't Apple rewritten libtiff, libpng, libjpeg, libwebp, etc. in Swift?
Their flagship moneymaker keeps getting popped via these, and they have thousands of engineers and a memory-safe first-party language. The zeroclick from a few weeks ago relied on a chain, the second most important of which (CVE-2023-41064) was in libwebp. (The first most important was a kernel privilege escalation. XNU is C and C++, of course.)
I really can't imagine that writing performant replacements for these libraries would be that daunting a task for them, and it would permanently shut down an entire class of repeated, ongoing vulnerabilities. I really don't understand why Apple relies on 3p code for format parsing/decoding when it has proven over and over again to be a source of brand damage.
I’m gonna guess Apple has considered the ROI on this; the negative publicity can’t be good for them, but in the context of Apple I’d somewhat agree. I consider iOS probably more secure than desktop operating systems, and it’s the Crown Jewels of my life.
Curl is maintained by a much smaller set of people, and is delivered for free.
I'm talking about for use in Apple's first-party apps, like PassKit/Wallet, which is how the zeroclick happened recently. Apple gets to choose what codecs PassKit uses.
They also use them in Safari, AFAIK.
I'm also pretty sure most consumers of them are using them via ImageIO, which is under Apple's exclusive control.
Swift is probably not quite good enough for that type of library actually. There was a lot of hype about it being an everything language, but I'm not sure if it actually is for a low level graphics decoding library. For example, a core internal library of SwiftUI is written in C++, ActionGraph, and that is a pretty new thing!
Also, Apple can be slow to write things in new coding languages internally; there is a lot of stuff still in Objective-C and will be for many, many years.
Let’s wait and see what the vulnerability is. Maybe it doesn’t have anything to do with the pitfalls of C. But if it does, expect to read a lot more comments like this.