Yesterday, news broken that Microsoft is working on a security patch for Windows Phone 7 and indeed, as sources confirmed the::unwired today, there is such a security fix in work. As a matter of fact, it's not fixing anything which Microsoft made wrong but the update is an emergency fix to prevent a malicious attacker from potentially intercepting web browser traffic because Comodo, a 3rd party Certification Authority, issued fraudulent digital certificates which has signed certificates on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks or perform man-in-the-middle attacks against all web browsers including Internet Explorer on Windows Phone 7.
According to our sources, the security update is currently tested by Microsoft and its partners, namely manufactures and carriers and it was initially planned be released to end users end of April; even if we have now also heard that it might come early May.
However, we've also heard that this security update is affecting the schedul of Microsoft's regular "April Windows Phone 7" update which will be delayed until the security update has been delivered. Unfortunately our source wasn't able to tell us what a Windows Phone 7 April update might be about and when it's planned to be released to end users. So far we haven't heard of any post-NoDo updates but it seems Microsoft is planning further updates before it will roll-out Mango later this year.
Cheers ~ Arne