Protect 10.9.5 from CVE-2016-4631 & 4632?

Discussion in 'OS X Mavericks (10.9)' started by Avenged110, Jul 27, 2016.

  1. Avenged110 macrumors 6502

    Joined:
    Aug 2, 2010
    #1
    According to Apple's information (https://support.apple.com/en-us/HT206903), they patched ImageIO exploits CVE-2016-4629 and CVE-2016-4630 on Mavericks. However, they do not claim to have patched 10.9.5 with regard to CVE-2016-4631 or CVE-2016-4632. From how these have been described to me, this was not done because 10.9.5 was not vulnerable, but rather because of some other reason (perhaps Apple couldn't easily patch older versions without putting in more work with more drastic changes?). Unless I'm misunderstanding something, in which case please clarify.

    Nonetheless, does anyone know any ways 10.9.5 could be hardened to protect against these vulnerabilities? At least in Safari against the TIFF exploit that was seemingly not patched.
    Side note: iOS at least has "TIFF Disabler" to help with that one on older versions.
     
  2. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    Difficult to say. You’d have to know where the bug exactly lies and whether it is possible to fix or avoid it without Apple’s help. ImageIO is a closed-source media framework and embedded within many apps, not just Safari (Preview, Messages, Mail, perhaps even Quick Look should be affected too). I read that Chrome and Firefox are apparently not affected, because they do not use the ImageIO framework.

    The best advice is to upgrade to El Capitan. Sticking with an older release is really not an option if you want to stay as secure as possible.
     
  3. Avenged110 thread starter macrumors 6502

    Joined:
    Aug 2, 2010
    #3
    Fair enough. I'm not leaving 10.9.5, but thanks for the info.
     

Share This Page