Proposed: a memory-safe, pre-decoder validator layer for media inputs (MP4, MOV, etc) that Apple could deploy without changing existing decoders.<p>Eliminates a class of zero-click exploits. No format breakage. No patching.<p>https://jam2we5b3a.medium.com/this-is-the-future-apple-should-already-be-shipping-054c69d78e50
Most media decoders still process unvalidated files — which keeps zero-click attack surfaces wide open.<p>This write-up outlines a minimal architectural fix: a structural validator that intercepts files before decoding begins.<p><pre><code> It needs no decoder rewrites
It's format-agnostic (MP4, MOV, PNG, etc.)
It works with existing delivery paths (AirDrop, Mail, Safari)
And it could be deployed today
</code></pre>
Curious what others think: Why hasn’t this already been adopted? Would Apple (or anyone) ship it?
Doesn't this move the validation step from each decoder to this sort of universal validation app (maintained and audited by who?), and would require every app to pipe its documents through it first, or else require an OS level change to make this an integral part of the "open file" workflow? It's almost like an anti-virus program.<p>If validating media integrity is as simple as checking a few bytes in the header, the decoder could already do that on its own.<p>Presumably there are attacks in media that look valid but cause subtle decoding bugs that then escalate into more serious things. How would this proposal catch those without an in depth understanding of each codec and version's possible failure modes, per operating system and hardware combo? The people who typically know that the best are already on decoder or security teams, and this just moves their work to a separate project where they'd have to integrate their checks and preventive measures alongside every other format's. Seems like a lot of work?