{"id":556,"date":"2013-03-15T01:03:36","date_gmt":"2013-03-15T06:03:36","guid":{"rendered":"http:\/\/www.brunerd.com\/blog\/?p=556"},"modified":"2013-03-15T22:48:41","modified_gmt":"2013-03-16T03:48:41","slug":"silverlight-the-next-plugin-apple-will-be-blocking","status":"publish","type":"post","link":"https:\/\/www.brunerd.com\/blog\/2013\/03\/15\/silverlight-the-next-plugin-apple-will-be-blocking\/","title":{"rendered":"Silverlight: the next plugin Apple will be blocking"},"content":{"rendered":"

Shhh… Silverlight’s been updated for Mac<\/h2>\n

So by shear accident,\u00a0I was in Windows 7 via Boot Camp today. I decided to run updates and actually look at what was being updated. I noticed there was a new Silverlight update, 5.1.20125.0, speak of the devil, in my XProtect Plugin Checker post<\/a>, not long ago, I speculate when Silverlight will be blocked by Apple because of a security update. Security bulletin MS13-022<\/a>\u00a0explains the critical nature of this for Windows and Mac, if you want to see an MS engineer tell you it’s Priority 1 this month you can visit the Microsoft March 2013 security update page<\/a>. You’ll need Silverlight to watch the video, but don’t worry it won’t give you prompt you to update. Neither does Netflix. Apparently Microsoft haven’t pulled the trigger to alert users with old Silverlight plugins! Are they waiting for this 14.9MB package to replicate around the world to all the Akamai distribution servers or something? I think it’s done now.<\/p>\n

Whither Thou Goest Check for Updates (or Preferences for that matter)?<\/h2>\n

So I decided to double check my auto-update settings in Silverlight. Would you<\/em> like to check your Silverlight Preferences? The easy<\/em> way is to Control-Click\/Right-Click<\/strong> on Silverlight content<\/strong> and select\u00a0About Silverlight<\/strong>\u00a0from the menu. But take a real world example: you are at a site that won’t load it’s Silverlight content because the caches need cleaning! (This really happened to someone I had to support remotely via email).<\/p>\n

Let’s go spelunking!
\nOpening Silverlight Preferences<\/strong> the hard way:<\/p>\n

Navigate to \/Library\/Internet Plug-Ins<\/strong>
\nControl-Click on Silverlight.plugin<\/strong> and Show Package Contents<\/strong>
\nNavigate into Contents\/Resources<\/strong>
\nDouble click\u00a0Silverlight Preferences.app<\/strong><\/p>\n

Or type this in at Terminal:<\/p>\n

open \/Library\/Internet\\ Plug-Ins\/Silverlight.plugin\/Contents\/Resources\/Silverlight\\ Preferences.app<\/pre>\n
I ended up making a .command<\/a> file to do this, zipped it up, and emailed it so the user could simply empty the Silverlight caches and get back to work (if this was for real work or Netflix I’m not sure…) but regardless,\u00a0a Preference Pane would be kinda nice MS Silverlight dev folks! All it has to do, at bare minimum, is open this very same app inside the plugin bundle (so we don’t have to dig for it). That’s what the Oracle Java 7 prefPane does. I digress here’s my settings:<\/p>\n
\"SilverlightUpdates\"<\/a><\/p>\n
Yep that’s set…
\nOK so Microsoft doesn’t think this Priority 1 update needs updating yet on the Mac?<\/p>\n
For fun, in the same folder you can run\u00a0UpdatePrompt.app<\/strong> to see this:<\/p>\n
\"SilverlightUpdatePrompt\"<\/a><\/p>\n
Clicking Install<\/strong> now launches the URL: http:\/\/go2.microsoft.com\/fwlink\/?LinkId=116053<\/a>\u00a0which will automatically start downloading the newest version of Silverlight.<\/p>\n
Exploring the XProtect Factor<\/h2>\n
Now, I though to myself, if Microsoft doesn’t start getting people to update, I think I know what Apple’s gonna do… but they haven’t done it yet. So I did. I edited my XProtect.meta.plist and blocked Silverlight myself:<\/p>\n
\"XprotectMetaBlockSilverlight\"<\/a><\/p>\n
Just wedged it right in there with TextWrangler<\/a>!\u00a0Now, what happens when I visit a Silverlight page in Safari?<\/p>\n
\"Blocked<\/a><\/p>\n
Boom, blocked. Aha! This mechanism is quite extensible to whatever plugin Apple deems insecure. Interestingly though, this warning will appear only\u00a0once<\/strong> in Safari.<\/strong><\/p>\n
\"Blocked<\/a><\/p>\n
After that your Silverlight content will simply not load and you won’t be told why. The bundle name and version are set under the PreviouslyAnnouncedBlockedPlugins<\/strong>\u00a0key in com.apple.Safari.plist<\/em> and that’s it. Clicking OK<\/strong> in a hurry without reading the message might leave you scratching your head, while repeatedly clicking reload at Netlflix.<\/p>\n
\"Safari<\/a><\/p>\n
Taking a peek at my XProtectPluginChecker<\/a> I see it’s able to compare the installed version to the values XProtect.meta.plist<\/em> has. My script is working dynamically, as planned, yay! (I fixed a couple bugs the first few days after posting so re-download if you were an early bird user)<\/p>\n
\"XProtectPluginChecker-silverlightBlocked\"<\/a>So while you may not be seeing this\u00a0yet\u00a0<\/strong>I have a strong feeling you will… and when you do\u00a0XProtectPluginChecker<\/a>\u00a0will let you know.
\n<\/strong><\/p>\n
System Administrator Bonus<\/h2>\n
Say, Mac SysAdmins, wanna disable Silverlight on all your deployed Macs right now? Why? Maybe you want to turn it off right away and worry about installing the update later? BTW this does not block the plugin in Firefox (they have their own mechanism<\/a>), Safari only.<\/p>\n
sudo \/usr\/libexec\/PlistBuddy -x -c \"add :PlugInBlacklist:10:com.microsoft.SilverlightPlugin dict\" \/System\/Library\/CoreServices\/CoreTypes.bundle\/Contents\/Resources\/XProtect.meta.plist<\/pre>\n
sudo \/usr\/libexec\/PlistBuddy -x -c \"add :PlugInBlacklist:10:com.microsoft.SilverlightPlugin:MinimumPlugInBundleVersion string 5.1.20125.0\" \/System\/Library\/CoreServices\/CoreTypes.bundle\/Contents\/Resources\/XProtect.meta.plist<\/pre>\n
That’ll get your XProtect.meta.plist PluginBlacklist dictionary looking something like this (version vary between 10.6 and 10.7\/10.8 machines):<\/p>\n
\"XProtectXML\"<\/a>\u00a0Viola, your Silverlight don’t work no more. :] Now go update it<\/a>!<\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Shhh… Silverlight’s been updated for Mac So by shear accident,\u00a0I was in Windows 7 via Boot Camp today. I decided to run updates and actually look at what was being updated. I noticed there was a new Silverlight update, 5.1.20125.0, speak of the devil, in my XProtect Plugin Checker post, not long ago, I speculate […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,7,8],"tags":[],"class_list":["post-556","post","type-post","status-publish","format-standard","hentry","category-apple","category-microsoft","category-security"],"_links":{"self":[{"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/posts\/556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/comments?post=556"}],"version-history":[{"count":11,"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/posts\/556\/revisions"}],"predecessor-version":[{"id":575,"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/posts\/556\/revisions\/575"}],"wp:attachment":[{"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/media?parent=556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/categories?post=556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.brunerd.com\/blog\/wp-json\/wp\/v2\/tags?post=556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}