Security Update 2012-004 (Snow Leopard)
Apple has released Security Update 2012-004 for both Mac OS X 10.6.8 Snow Leopard and 10.6.8 Snow Leopard Server, both of which address the same issues. Among the list of fixes, the releases update Apache 2.2.22 to prevent a vulnerability that could lead to denial of service, add a revoked TrustWave root certificate to a list of untrusted certificates, and update the DirectoryService Proxy to prevent an arbitrary execution of code due to an overflow buffer vulnerability. There’s no reason to update instantly; we recommend waiting a week or so and seeing if online reports note any
distressing side effects. Note that Apple incorrectly lists the file size of the 10.6.8 Snow Leopard Security Update as 2.36 MB — it is actually 257 MB. (Free, 257/276 MB)
And disables ALL plugins in Snow Leopard Mail. Disaster......
Mail doesn't work anymore here ...
I'm confused - maybe you can help since Mail stopped working for you too. All the other write ups concerned plug ins. Mine is just mail. Were you able to get plain ole Mail 4.6 or 4.5 working after installing the latest security patch? I'm a unix novice. Thanks
Yes, this update disables not only 3rd party plugins (Spam Sieve, Letterbox, Growl) in Mail, but "To Do" feature as well.
Spam Sieve (love 'em to death) whipped out a beta fix.
Get at:
http://c-command.com/beta/SpamSieve-2.9.5b1.dmg
No fix for Letterbox, which was only updated for 10.6.7 anyway.
BUT see Apple discussion for other fixes:
https://discussions.apple.com/thread/4311387
UPDATE: Spam Sieve also posted it's own comments about restoring the mail plugin:
http://support.indev.ca/discussions/questions/643-plugins-broken-wsecurity-update-today
You say it's 257/276 MB. But the file I downloaded (apparently successfully) is reported in Finder as 269.6 MB (269,582,402 bytes). Does that mean there's something wrong with my file, or is it just something about disk allocation block sizes or something? I haven't installed it yet.
Don't worry about it - we give reported file sizes so you can get a sense of how long it will take to download, and the actual size can vary based on how you get it or what Mac model you have.
Thank you Apple for updating Apache but what about OpenSSL it has been vulnerable since January. Trustwave, my PCI tester still fails my server because OpenSSL hasn't been upgraded from 0.9.8r to 0.9.8s or later.
Does Apple even care?
Who now how to go back from this update ? ( I suspect it to broke one of my applications)
Thx