To be fair, this isn’t just happening out of the blue. Apple had a bunch of zero day, no click vulnerabilities from its media decoders, which were some of the original Pegasus vectors. Complex media rendering is a very legitimate security concern, particularly in the browser space on general purpose machines. IDK if doing a full RUST implementation is the right answer, but the idea of not wanting to add a massive potential attack vector for redundant functionality is not completely insane.
To be fair, this isn’t just happening out of the blue. Apple had a bunch of zero day, no click vulnerabilities from its media decoders, which were some of the original Pegasus vectors. Complex media rendering is a very legitimate security concern, particularly in the browser space on general purpose machines. IDK if doing a full RUST implementation is the right answer, but the idea of not wanting to add a massive potential attack vector for redundant functionality is not completely insane.