Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Security Update 2012-004 and Mail Plugins

Why does Security Update 2012-004 for 10.6 kick out Mail 4.6 Plugins like GrowlMail 1.2.5?

MacBook Pro, Mac OS X (10.6)

Posted on Sep 19, 2012 3:12 PM

Reply
Question marked as Best reply

Posted on Sep 19, 2012 4:21 PM

from http://support.apple.com/kb/HT5501

"Impact: Viewing an e-mail message may lead to execution of web plugins

Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail."


I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky.


Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.

72 replies
Question marked as Best reply

Sep 19, 2012 4:21 PM in response to Claas Hanken

from http://support.apple.com/kb/HT5501

"Impact: Viewing an e-mail message may lead to execution of web plugins

Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail."


I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky.


Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.

Sep 19, 2012 6:26 PM in response to roam

Knock me over with a feather. The last thing I expected. The DL page shows 2.36MB and the .dmg in progress is showing 257MB.


Word of advice to anyone reading this: wait and see what turns up here before installing.There have been some pretty funky updates from time to time. Last winter one crashed all PPC/Rosetta applications.

Sep 20, 2012 2:48 AM in response to Claas Hanken

1. Close Mail

2. If the plugin already got moved to “~/Library/Mail/Bundles (Disabled)/” move it back to “~/Library/Mail/Bundles/

3. Open Terminal

4. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "064442B6-53C0-4A97-B71B-2F111AE4195B"

5. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "588FF7D1-4310-4175-9980-145B7E975C02"


and now GrowlMail 1.2.5 will work =)

Sep 20, 2012 4:44 AM in response to roam

roam wrote:


Fortunately, I don't have Mail plugins.

I'm rapt this update gives Snow fresh legs. 🙂

Not in ~/Library/Mail, but I'm seeing two Plug-ins in Mail.app>Package Contents.


MailWebPlugin.webplugin


ToDoPlugin.webplugin


No idea what they do, but perhaps these are the ones that get disabled?


I remember now that when Leopard came along Tiger got one more Security Update in the fall of that year. I hope this isn't going to be like that.

Sep 20, 2012 8:54 AM in response to lesse

"try both UUIDs (from Mail 5.3 (1283))


758F235A-2FD0-4660-9B52-102CD0EA897F

3335F782-01E2-4DF1-9E61-F81314124212"



Using Terminal to change the Growlmail plist did not work for me under 10.7.5 BUT directly editing the plist and adding the two UUIDs listed for 10.7.5 worked like a charm. Thanks for the tip!

Security Update 2012-004 and Mail Plugins

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.