
Avenged110

Original poster
According to Apple's information (https://support.apple.com/en-us/HT206903), they patched ImageIO exploits CVE-2016-4629 and CVE-2016-4630 on Mavericks. However, they do not claim to have patched 10.9.5 with regard to CVE-2016-4631 or CVE-2016-4632. From how these have been described to me, this was not done because 10.9.5 was not vulnerable, but rather because of some other reason (perhaps Apple couldn't easily patch older versions without putting in more work with more drastic changes?). Unless I'm misunderstanding something, in which case please clarify.

Nonetheless, does anyone know any ways 10.9.5 could be hardened to protect against these vulnerabilities? At least in Safari against the TIFF exploit that was seemingly not patched.
Side note: iOS at least has "TIFF Disabler" to help with that one on older versions.
 
Difficult to say. You’d have to know where the bug exactly lies and whether it is possible to fix or avoid it without Apple’s help. ImageIO is a closed-source media framework and embedded within many apps, not just Safari (Preview, Messages, Mail, perhaps even Quick Look should be affected too). I read that Chrome and Firefox are apparently not affected, because they do not use the ImageIO framework.

The best advice is to upgrade to El Capitan. Sticking with an older release is really not an option if you want to stay as secure as possible.
 