According to Apple's information (https://support.apple.com/en-us/HT206903), they patched ImageIO exploits CVE-2016-4629 and CVE-2016-4630 on Mavericks. However, they do not claim to have patched 10.9.5 with regard to CVE-2016-4631 or CVE-2016-4632. From how these have been described to me, this was not done because 10.9.5 was not vulnerable, but rather because of some other reason (perhaps Apple couldn't easily patch older versions without putting in more work with more drastic changes?). Unless I'm misunderstanding something, in which case please clarify. Nonetheless, does anyone know any ways 10.9.5 could be hardened to protect against these vulnerabilities? At least in Safari against the TIFF exploit that was seemingly not patched. Side note: iOS at least has "TIFF Disabler" to help with that one on older versions.