Yeah, but Docker provides pretty good isolation if done right, it's a good start. MacOS sandbox is limited in functionality and poorly documented, but still looks promising.
The only problem is that nobody cares, so there's no evolutionary pressure for OS developers to make their products safer in the sense the applications are safe for user.
The only problem is that nobody cares, so there's no evolutionary pressure for OS developers to make their products safer in the sense the applications are safe for user.