Skip navigation

Security Update 2012-004 and Mail Plugins

19317 Views 72 Replies Latest reply: Apr 10, 2013 11:34 AM by Connie Mahan RSS
1 2 3 ... 5 Previous Next
Claas Hanken Calculating status...
Currently Being Moderated
Sep 19, 2012 3:12 PM

Why does Security Update 2012-004 for 10.6 kick out Mail 4.6 Plugins like GrowlMail 1.2.5?

MacBook Pro, Mac OS X (10.6)
  • roam Level 6 Level 6 (13,545 points)
    Currently Being Moderated
    Sep 19, 2012 4:21 PM (in response to Claas Hanken)

    from http://support.apple.com/kb/HT5501

    "Impact: Viewing an e-mail message may lead to execution of web plugins

    Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail."

     

    I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky.

     

    Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.

    iMac, Mac OS X (10.6.8), 10.5.8 iBook 10.3.9
  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Sep 19, 2012 6:26 PM (in response to roam)

    Knock me over with a feather. The last thing I expected. The DL page shows 2.36MB and the .dmg in progress is showing 257MB.

     

    Word of advice to anyone reading this: wait and see what turns up here before installing.There have been some pretty funky updates from time to time. Last winter one crashed all PPC/Rosetta applications.

  • roam Level 6 Level 6 (13,545 points)
    Currently Being Moderated
    Sep 19, 2012 7:44 PM (in response to WZZZ)

    I've installed it and all seems fine, so far so good. Rosetta working well. Fortunately, I don't have Mail plugins.

    I'm rapt this update gives Snow fresh legs. 

  • lesse Calculating status...
    Currently Being Moderated
    Sep 20, 2012 2:48 AM (in response to Claas Hanken)

    1. Close Mail

    2. If the plugin already got moved to “~/Library/Mail/Bundles (Disabled)/” move it back to “~/Library/Mail/Bundles/

    3. Open Terminal

    4. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "064442B6-53C0-4A97-B71B-2F111AE4195B"

    5. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "588FF7D1-4310-4175-9980-145B7E975C02"

     

    and now GrowlMail 1.2.5 will work =)

  • jazzmosax Calculating status...
    Currently Being Moderated
    Sep 20, 2012 3:56 AM (in response to lesse)

    The bottom one (under 5.) works for Letterbox and for MailActOn

    as well, just change 'GrowlMail' to 'Letterbox' or to 'MailActOn'.

    thanks lesse

  • lecho Calculating status...
    Currently Being Moderated
    Sep 20, 2012 4:13 AM (in response to jazzmosax)

    ... and what about Growl 1.3.3 (purchased via App store) and GrowlMail on 10.7.5. Plugin was disabled by Mail app, but still sits in ~/Library/Mail/Bundles/. How to fix it?

     

    I'll appreciate your help.

     

    iLech

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Sep 20, 2012 4:44 AM (in response to roam)

    roam wrote:

     

    Fortunately, I don't have Mail plugins.

    I'm rapt this update gives Snow fresh legs. 

    Not in ~/Library/Mail, but I'm seeing two Plug-ins in Mail.app>Package Contents.

     

    MailWebPlugin.webplugin

     

    ToDoPlugin.webplugin

     

    No idea what they do, but perhaps these are the ones that get disabled?

     

    I remember now that when Leopard came along Tiger got one more Security Update in the fall of that year. I hope this isn't going to be like that.

  • lesse Level 1 Level 1 (5 points)
    Currently Being Moderated
    Sep 20, 2012 4:50 AM (in response to lecho)

    try both UUIDs (from Mail 5.3 (1283))

     

    758F235A-2FD0-4660-9B52-102CD0EA897F

    3335F782-01E2-4DF1-9E61-F81314124212

     

    i cannot test this 'cause i don't have Growl in 10.7.5

  • lecho Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 20, 2012 4:55 AM (in response to lesse)

    Thx lesse, I'l try it. Is there any risk if it will not work, that something else might stop working?

  • jazzmosax Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 20, 2012 5:02 AM (in response to lecho)

    Has anyone found a fix for Attachment Tamer, I cannot get it to work with the same fix as Letterbox and MailActOn ?

  • bombardier Calculating status...
    Currently Being Moderated
    Sep 20, 2012 5:38 AM (in response to jazzmosax)

    Nope, haven't found a fix for Attachment Tamer - I've sent the dev an e-mail though.

     

    SpamSieve has a 2.9.5b1 that fixes it, available from a link on the dev's support forum.

  • snagitseven Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 20, 2012 7:39 AM (in response to Claas Hanken)

    After the Security Update 2012-004, using one or the other of lesse's two fixes above, I was able to get Letter Opener, OMIC (Letter Box) and MailFollowUp working but not Attachment Tamer which is my most important IMO. I too have sent a meesage to the developer. I have 10.6.8 with Mail 4.6.

    Thanks, lesse.

  • vcayenne Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 20, 2012 8:36 AM (in response to lesse)

    This one worked for me, Lesse.

     

    …for GrowlMail on 10.7.5

  • mweger Calculating status...
    Currently Being Moderated
    Sep 20, 2012 8:54 AM (in response to lesse)

    "try both UUIDs (from Mail 5.3 (1283))

     

    758F235A-2FD0-4660-9B52-102CD0EA897F

    3335F782-01E2-4DF1-9E61-F81314124212"

     

     

    Using Terminal to change the Growlmail plist did not work for me under 10.7.5 BUT directly editing the plist and adding the two UUIDs listed for 10.7.5 worked like a charm.   Thanks for the tip!

1 2 3 ... 5 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (2)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.