Is suspect Apple’s experience with Blastdoor[1] has made them unwilling to go that route.
Blastdoor is meant to provide a secure sandbox for processing images and other data that arrives in iMessages. Puts all the potentially dangerous format decoders in a little box, and viciously kills anything that starts behaving odd when passed something to process. It certainly improved iOS security, but also quickly proved to be less than bulletproof, mostly due to just how much freedom older image formats provide.
Ultimately code that isn’t in the OS can’t be exploited. Images decoders have a long history of being exploit vectors that are very hard to close. At a certain point simply not shipping them is the best course of action, doesn’t prevent people from adding them later, but at least only those who need the functionality are in the firing line (which reduces the incentive for exploiting those formats, and indirectly ends up providing further protection to those that need to work with the formats).
Blastdoor is meant to provide a secure sandbox for processing images and other data that arrives in iMessages. Puts all the potentially dangerous format decoders in a little box, and viciously kills anything that starts behaving odd when passed something to process. It certainly improved iOS security, but also quickly proved to be less than bulletproof, mostly due to just how much freedom older image formats provide.
Ultimately code that isn’t in the OS can’t be exploited. Images decoders have a long history of being exploit vectors that are very hard to close. At a certain point simply not shipping them is the best course of action, doesn’t prevent people from adding them later, but at least only those who need the functionality are in the firing line (which reduces the incentive for exploiting those formats, and indirectly ends up providing further protection to those that need to work with the formats).
[1] https://www.macrumors.com/2021/01/28/messages-blastdoor-ios-...