Glenn Fleishman, writing for Macworld:

Talos found that maliciously constructed data saved as BMP, Digital Asset Exchange, OpenEXR, and TIFF image files could outwit the operating and allow code to be written and executed, including opening up a system to remote exploits. The ancient lossless image format TIFF using, however, is the worst culprit as Apple’s OSes will access a TIFF image to render a format in many cases without a user specifically opening a malicious file.

And:

The TIFF flaw affects unpatched current releases of every Apple OS: iOS 9, tvOS 9, watchOS 2, and OS X 10.11 El Capitan, as well as 10.9 Mavericks and 10.10 Yosemite.

Bottom line, this is a proof of concept at the moment. Apple has released protective updates for recent OSes, not yet for Mavericks or Yosemite. As always, keep your software updated.