What is dumb about it to me is that the solution in my mind is simple: don’t give Messages.app private API access. They get access other messaging apps from the App Store can’t have and that’s what’s causing these vulnerabilities, but all they need is APNS and access to the SMS service (which is private but shouldn’t be dangerous… right?).

This last one was an issue in an image decoding.. it was public API.

It’s extremely common for an attacker to find a way to exploit a maliciously crafted image. Take a look at libpng, https://www.cvedetails.com/vulnerability-list/vendor_id-7294...