Back in March we reported on some fraudulent SSL certificates that could make WP7 users vulnerable to phishing/spoofing attacks, and the possibility that MS would be releasing a security update to fix it. According to SlashGear, sources have revealed that MS plans to roll out the update on May 3. It is still unknown whether the patch will come in the form of an OTA push or through Zune software updates.
The fake certificates were brought to light by Comodo, who issued them without fully verifying their validity, and affect nine different websites. Comodo has since revoked the certs in question, while Microsoft posted a bulletin for desktop users of Internet Explorer. The sites affected are:
- login.yahoo.com (3 certificates)
- “Global Trustee”
UPDATE: Bruce Cowper, Group Manager of Microsoft’s Trustworthy Computing, has told WinRumors that users will be notified of the update's availability over the air, while the update itself will come through Zune. He could not confirm the release date, but simply said, “the Windows Phone team is actively working with mobile partners to develop and distribute a mitigation update.”