The two latest iOS updates are fairly significant in that they patch two critical vulnerabilities. iOS update 4.3.4 patched a number of bugs, including comex’s PDF/FreeType vulnerability used to create the latest JailbreakMe exploit. If you’re a jailbreaker, it’s essential that you run comex’s ‘PDF Patcher 2’ within Cydia in order to patch the underlying vulnerability. iOS update 4.3.5, released a couple of days ago, patches a fairly significant bug in the way iOS validates SSL/TLS certificates. This vulnerability can allow an attacker to intercept and/or modify data protected within an SSL session without the user knowing it. This was possible due to the fact that iOS didn’t validate the basicConstraints parameter of SSL certificates in the chain.
If you’re only an occasional patcher – now is the time.
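The check that was missing, sketched in Go as an added example (not code from Apple or from the original post): every certificate that acts as an issuer in the chain must carry basicConstraints with CA=TRUE and respect any path length limit. The names `checkIssuers` and `sampleCert` and the certificate names are assumptions, and the sample certificates are constructed, unsigned structs.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// checkIssuers takes a chain ordered leaf first and confirms that every
// certificate acting as an issuer is permitted to sign certificates.
// Signature, validity-period and hostname checks are out of scope here.
func checkIssuers(chain []*x509.Certificate) error {
	if len(chain) == 0 {
		return errors.New("empty chain")
	}
	for i := 1; i < len(chain); i++ {
		c, child := chain[i], chain[i-1]
		// basicConstraints must be present and assert CA=TRUE.
		if !c.BasicConstraintsValid || !c.IsCA {
			return fmt.Errorf("%q is not a CA but issued %q",
				c.Subject.CommonName, child.Subject.CommonName)
		}
		// pathLenConstraint caps the intermediates allowed below this CA.
		hasLimit := c.MaxPathLen > 0 || (c.MaxPathLen == 0 && c.MaxPathLenZero)
		if hasLimit && i-1 > c.MaxPathLen {
			return fmt.Errorf("chain below %q exceeds its pathLenConstraint", c.Subject.CommonName)
		}
	}
	return nil
}

// sampleCert builds a constructed, unsigned certificate for the demo.
func sampleCert(cn string, isCA bool) *x509.Certificate {
	return &x509.Certificate{
		Subject:               pkix.Name{CommonName: cn},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		MaxPathLen:            -1, // no pathLenConstraint
	}
}

func main() {
	root := sampleCert("Example Root CA", true)
	site := sampleCert("www.example.test", false)
	other := sampleCert("mail.example.test", false)
	fmt.Println(checkIssuers([]*x509.Certificate{site, root}))        // leaf under a CA
	fmt.Println(checkIssuers([]*x509.Certificate{other, site, root})) // leaf under a non-CA
}
```

In a real client this check is part of full path validation, which `x509.Certificate.Verify` performs together with signature, expiry and name checks.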
After logging into my MobileMe account today I was greeted with a small banner in the left-hand menu announcing an upcoming Mail Beta. Although I haven’t yet been upgraded to the Beta, it appears that Apple have been hard at work on turning MobileMe Mail into a full-blown web email client… it’s about time.
Additions include proper formatting capability, improved layout and display, e-mail rules, and persistent SSL. With regards to that last one, although MobileMe supports SSL at the login screen to protect your credentials, all subsequent information (read: all your emails are belong to us) is sent in cleartext – an issue I posted about a long time ago. Google enabled the option to use persistent SSL for its Gmail service back in mid-2008 (although it is an option you have to specifically set in your Gmail preferences).
From my initial impressions of the beta, it definitely looks much better to begin with. The ability to view your inbox in the three (classic, compact, widescreen) views will probably be quite popular. The search field also works better. They finally allow you to scroll fluidly through your mailbox folders; however, it only loads a certain number of messages at a time. Now, this wouldn’t be too bad except that in this case it takes a bit too long for that loading to happen. Apart from that, the persistent SSL also works nicely, so once they fix any small bugs and improve performance, I’ll consider myself happy.
Oh… and there are rumors that MobileMe might become free. THAT would make me happy too!