Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.