Comment by dadrian

4 years ago

There's plenty of evidence that this type of attack surface (parsers operating on untrusted data received over the Internet) is fixable, even at Big Tech scale. The most obvious example is Microsoft Office in the early 2000s and the switch to the XML-based format with newer, easier-to-implement and ideally memory-safer parsers. That's not to say there are no bugs in Office anymore, but it's certainly much, much better than it was.

Microsoft figured it out. Apple can do it, too.