Security Update 2012-004 and Mail Plugins

from http://support.apple.com/kb/HT5501

"Impact: Viewing an e-mail message may lead to execution of web plugins

Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail."

I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky.

Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.

Knock me over with a feather. The last thing I expected. The DL page shows 2.36MB and the .dmg in progress is showing 257MB.

Word of advice to anyone reading this: wait and see what turns up here before installing.There have been some pretty funky updates from time to time. Last winter one crashed all PPC/Rosetta applications.

I've installed it and all seems fine, so far so good. Rosetta working well. Fortunately, I don't have Mail plugins.

I'm rapt this update gives Snow fresh legs. 🙂

1. Close Mail

2. If the plugin already got moved to “~/Library/Mail/Bundles (Disabled)/” move it back to “~/Library/Mail/Bundles/”

3. Open Terminal

4. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "064442B6-53C0-4A97-B71B-2F111AE4195B"

5. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "588FF7D1-4310-4175-9980-145B7E975C02"

and now GrowlMail 1.2.5 will work =)

The bottom one (under 5.) works for Letterbox and for MailActOn

as well, just change 'GrowlMail' to 'Letterbox' or to 'MailActOn'.

thanks lesse

... and what about Growl 1.3.3 (purchased via App store) and GrowlMail on 10.7.5. Plugin was disabled by Mail app, but still sits in ~/Library/Mail/Bundles/. How to fix it?

I'll appreciate your help.

iLech

roam wrote:

Fortunately, I don't have Mail plugins.

I'm rapt this update gives Snow fresh legs. 🙂

Not in ~/Library/Mail, but I'm seeing two Plug-ins in Mail.app>Package Contents.

MailWebPlugin.webplugin

ToDoPlugin.webplugin

No idea what they do, but perhaps these are the ones that get disabled?

I remember now that when Leopard came along Tiger got one more Security Update in the fall of that year. I hope this isn't going to be like that.

try both UUIDs (from Mail 5.3 (1283))

758F235A-2FD0-4660-9B52-102CD0EA897F

3335F782-01E2-4DF1-9E61-F81314124212

i cannot test this 'cause i don't have Growl in 10.7.5

Thx lesse, I'l try it. Is there any risk if it will not work, that something else might stop working?

Has anyone found a fix for Attachment Tamer, I cannot get it to work with the same fix as Letterbox and MailActOn ?

Nope, haven't found a fix for Attachment Tamer - I've sent the dev an e-mail though.

SpamSieve has a 2.9.5b1 that fixes it, available from a link on the dev's support forum.

After the Security Update 2012-004, using one or the other of lesse's two fixes above, I was able to get Letter Opener, OMIC (Letter Box) and MailFollowUp working but not Attachment Tamer which is my most important IMO. I too have sent a meesage to the developer. I have 10.6.8 with Mail 4.6.

Thanks, lesse.

This one worked for me, Lesse.

…for GrowlMail on 10.7.5

"try both UUIDs (from Mail 5.3 (1283))

758F235A-2FD0-4660-9B52-102CD0EA897F

3335F782-01E2-4DF1-9E61-F81314124212"

Using Terminal to change the Growlmail plist did not work for me under 10.7.5 BUT directly editing the plist and adding the two UUIDs listed for 10.7.5 worked like a charm. Thanks for the tip!

Thank you so much! Using the information you provided here, I have growlmail 1.3.3 working again on Lion 10.7.5, so grateful 😎!