Microsoft’s third Windows Phone update is due to be released on May 3 2011, addressing a recently discovered security issue that could see users of WP7 handsets open to phishing attacks or content spoofing. The update, a source with inside information told SlashGear, is described as a security certificate fix, closing a loophole around compromised third-party certificates issued by Comodo.
Microsoft revealed the security problem in late March, after certification authority Comodo informed them that nine certificates had been signed “without sufficiently validating” the relevant third-party identity. Comodo revoked the certificates, and Microsoft released a patch for desktop versions of its Internet Explorer browser.
However, that left the version of IE on Windows Phone 7 handsets unpatched, something this new update looks to address. It’s unclear whether the update will be released via the Zune software, as per the two previous firmware changes, or as an OTA update direct to handsets.
Affected websites:
- login.live.com
- mail.google.com
- www.google.com
- login.yahoo.com (3 certificates)
- login.skype.com
- addons.mozilla.org
- “Global Trustee”