Security Update 2012-004 and Mail Plugins
Why does Security Update 2012-004 for 10.6 kick out Mail 4.6 Plugins like GrowlMail 1.2.5?
MacBook Pro, Mac OS X (10.6)
Why does Security Update 2012-004 for 10.6 kick out Mail 4.6 Plugins like GrowlMail 1.2.5?
MacBook Pro, Mac OS X (10.6)
from http://support.apple.com/kb/HT5501
"Impact: Viewing an e-mail message may lead to execution of web plugins
Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail."
I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky.
Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.
Thanks to Adam for the quick update to Attachment Tamer, I'm happy again now!
You can download it from http://lokiware.info/
Nice subtile update Apple, killed my Letterbox plugin.
Above solutions did not work for me. This on did: http://www.macuser.de/forum/f79/10-6-8-a-653112/
Next time i'll wait a couple of week to see what they do to my system this time.....Cost me an hour to get it fixed again.ðŸ˜
Thanks, lesse, that got not only Mail-ActON and Letterbox to work, but also the ODMailbundle (which is a plugin for Contactizer Pro)
Thanks for the help.
In Snow Leopard, I was able to re-enable these plugins without Terminal, using TextWrangler to edit the plist files:
ASPBundle.mailbundle
Letterbox.mailbundle
MailFollowUp.mailbundle
MailRecent.mailbundle
Open the folder with the disabled plugins. Then, right-click on the plugin and show the package contents. Find the plist file. Using TextWrangler, edit the plist file by adding these lines to the UUID listing:
<string>064442B6-53C0-4A97-B71B-2F111AE4195B</string> |
<string>588FF7D1-4310-4175-9980-145B7E975C02</string> |
Save the file. Put the disabled plugins back into the Bundles folder and open Mail.
ASPBundle is "Attachment Scanner," which warns that you're trying to send a message referring to an attachment but forgot to attach the file.
Thanks lesse it's working fine on 10.7.5 and mail 5.3!
these two keys work for mine staffs: mail: 5.3(1283) , mac os x 10.7.5 , growlmail 1.3.3, growl 1.3(purchased from appstore).
758F235A-2FD0-4660-9B52-102CD0EA897F
3335F782-01E2-4DF1-9E61-F81314124212
using commands "default write" or directly edit the pinfo.list file have the same effects. So just choose what you feel like.
Did it by editing plist this time, thanks to you Lesse!
After done so I found this on twitter, perhaps for future updates? Anyone any experience with this?
@Don Parr: After much finagling (couldn't get Terminal to write to hidden Mail folder) I did what someone else suggested--cut and paste directly into the array list. I'd tried this before (spent about two hours with this last night), but whatever I did tonight restored Growl Mail functionality. I think part of it is that before I was trying to make repairs to v1.25.
Now running Growl 1.3.3 on Mail 5.3 with 10.7.5 (just updated).
Thanks for the tip, now works great!
The MailPluginFix software just adds the current UUIDs to the disabled plug-ins. That might work if an OS update changes the UUIDs but there haven't been any substantial changes to Mail or the Message framework as was the case with this security update, but not when there is an actual incpompatibility between the plug-in and Mail. Additionally, the definition of "substantial" may differ by plug-in.
In any case I recommend always first checking if an update is available for the specific plug-in.
I've been on the Growl site several times a day every day since the 10.7.5 update. Others have indicated that they've read posts by the developer that he is working on a more permanent solution.
Agreed, the best way to fix something broken from an OS update is to seek a newer version of the app from its developers. You can be certain that when such an update appears I'll be downloading it. Meantime, this UUID fix is the best we have for now.
JML54 THANK YOU! I hate the default mail view, using mail without letterbox for just 2 hours was awful. Great, easy solution. Cheers 🙂
That worked for me
@lesseTks MAN!
Adding the two UUIDs listed for 10.7.5 worked like a charm
Message was edited by: TonyMk
Here is the fix. I've just made it on my MBP after I ran the latest Securoty Update.
It's ONLY about updating GrowlMail with the new UUIDs of Mail.app and Message.framework.
Quit Mail first
a/ Reinstall GrowlMail 1.2.5
b/ Open your home directory ~/Library/Mail/Bundle/ folder
c/ Locate inside the GrowlMail.mailbundle/Contents folder
d/ Double-click on Info.plist to open it in the Property List Editor
e/ Locate the line SupportedPluginCompatibilityUUIDs and select it
f/ Click on Add Child and enter that exact string as "item 0" 064442B6-53C0-4A97-B71B-2F111AE4195B
g/ Click again on Add Child and enter that other string as "item 0" (the one above has become "item 1" 588FF7D1-4310-4175-9980-145B7E975C02
h/ Save and quit the Property List Editor
Open Mail ..
The two new SupportedPluginCompatibilityUUIDs are :
<string>064442B6-53C0-4A97-B71B-2F111AE4195B</string> <!-- Mail.app -->
Security Update 2012-004 and Mail Plugins