HN Reader

Instant (YC S22) Is Hiring a Founding TypeScript Engineer (instantdb.com)

1 points by stopachka 5h ago 0 comments

Jiga (YC W21) Is Hiring Engineers (workatastartup.com)

1 points by grmmph 9h ago 0 comments

KaiPod Learning (YC S21) Is Hiring VP of Engineering (ycombinator.com)

1 points by amarkumar81 1d ago 0 comments

Hightouch (YC S19) Is Hiring (ycombinator.com)

1 points by joshwget 1d ago 0 comments

Helpcare AI (YC F24) Is Hiring (docs.google.com)

1 points by hsial 2d ago 0 comments

Stellar Sleep (YC S23) is hiring a product engineer in SF (ycombinator.com)

1 points by edreichua 2d ago 0 comments

OneText (YC W23) Is Hiring a DevOps/DBA Lead Engineer

1 points by bluepnume 3d ago 0 comments

Toma (YC W24) Is Hiring Engs #3-4 (AI for Automotive) (ycombinator.com)

1 points by anthonykrivonos 3d ago 0 comments

Waypoint Transit (YC W25) is hiring a software engineer (workatastartup.com)

1 points by varuntandon 4d ago 0 comments

GroMo (YC W21) Is Hiring (ycombinator.com)

1 points by darpank 4d ago 0 comments

Archil (YC F24) Is Hiring a Distributed Systems Engineer (In-Person, SF)

1 points by huntaub 5d ago 0 comments

Modern Realty (YC S24) Is Hiring (workatastartup.com)

1 points by greenfish6 6d ago 0 comments

Hestus, Inc. (YC S24) Is Hiring an ML Engineer to Revolutionize CAD (ycombinator.com)

1 points by sohrabhaghighat 6d ago 0 comments

Activeloop (YC S18) is hiring a VP of Engineering in Mountain View (on-site) (careers.activeloop.ai)

1 points by davidbuniat 7d ago 0 comments

Optery (YC W22) – Engineering Team Lead and Engineers with Node.js (U.S., Latam) (jobs.ashbyhq.com)

1 points by beyondd 7d ago 0 comments

Extend (YC W23) is hiring engineers to build LLM document processing (jobs.ashbyhq.com)

1 points by kbyatnal 8d ago 0 comments

Parity (YC S24) is hiring founding engineers to build an AI SRE (in-person, SF) (ycombinator.com)

1 points by wilson090 9d ago 0 comments

Freshpaint (YC S19) is hiring back end and front end engineers (Remote, US only)

1 points by malisper 9d ago 0 comments

MobileBoost (YC S21) Is Hiring a Founding Back End/Platform Engineer (Remote) (ycombinator.com)

1 points by chrtng 9d ago 0 comments

Gym Class (YC W22) Is Hiring Character Animation Engineering Lead (ycombinator.com)

1 points by hackerews 10d ago 0 comments

Foundry (YC F24) is hiring – Come build a world model for the web

1 points by lakabimanil 10d ago 0 comments

Bild AI (YC W25) is hiring a founding engineer in SF (ycombinator.com)

1 points by rooppal 11d ago 0 comments

Tenjin (YC S14) Is Hiring a Senior Ad Attribution Engineer (Ruby, Go) (ycombinator.com)

1 points by amirmanji 11d ago 0 comments

Onyx (YC W24) Is Hiring for ML Engineer (ycombinator.com)

1 points by yuhongsun 13d ago 0 comments

Recover (YC W21) Is Hiring (ycombinator.com)

1 points by nickgulino1 13d ago 0 comments

GiveCampus (YC S15) Is Hiring Sr engineers passionate about education (givecampus.breezy.hr)

1 points by mkong1 13d ago 0 comments

Cekura (Formerly Vocera) (YC F24) Is Hiring (ycombinator.com)

1 points by atarus 14d ago 0 comments

Spark AI (YC W24) is hiring a full-stack engineer in San Francisco (ycombinator.com)

1 points by tk90 14d ago 0 comments

FurtherAI (YC W24) Is Hiring Software and AI Engineers (ycombinator.com)

1 points by sgondala_ycapp 15d ago 0 comments

Weave (YC W25) is hiring a founding engineer (ycombinator.com)

1 points by adchurch 15d ago 0 comments

Infisical (YC W23) Is Hiring Design Engineer in San Francisco (ycombinator.com)

1 points by dangtony98 16d ago 0 comments

Why Apple still lets malformed media files reach decoders – and how to stop it

3 jamweba 2 5/5/2025, 12:07:17 PM
Proposed: a memory-safe, pre-decoder validator layer for media inputs (MP4, MOV, etc) that Apple could deploy without changing existing decoders.

Eliminates a class of zero-click exploits. No format breakage. No patching.

https://jam2we5b3a.medium.com/this-is-the-future-apple-should-already-be-shipping-054c69d78e50

Comments (2)

solardev · 41m ago
Doesn't this move the validation step from each decoder to this sort of universal validation app (maintained and audited by who?), and would require every app to pipe its documents through it first, or else require an OS level change to make this an integral part of the "open file" workflow? It's almost like an anti-virus program.

If validating media integrity is as simple as checking a few bytes in the header, the decoder could already do that on its own.

Presumably there are attacks in media that look valid but cause subtle decoding bugs that then escalate into more serious things. How would this proposal catch those without an in depth understanding of each codec and version's possible failure modes, per operating system and hardware combo? The people who typically know that the best are already on decoder or security teams, and this just moves their work to a separate project where they'd have to integrate their checks and preventive measures alongside every other format's. Seems like a lot of work?

jamweba · 10h ago
Most media decoders still process unvalidated files — which keeps zero-click attack surfaces wide open.

This write-up outlines a minimal architectural fix: a structural validator that intercepts files before decoding begins.

    It needs no decoder rewrites

    It's format-agnostic (MP4, MOV, PNG, etc.)

    It works with existing delivery paths (AirDrop, Mail, Safari)

    And it could be deployed today
Curious what others think: Why hasn’t this already been adopted? Would Apple (or anyone) ship it?