14 DAY TRIAL // Microsoft is working hard to bring Windows 10 for Phones to fans as soon as possible, but if we are to believe the company's announcement issued last week, that won't happen until later this summer.
Nevertheless, those who already own Windows Phone 8.1 handsets are anxiously waiting for Windows 10 for Phones to be released since their smartphones are fully compatible with the new OS.
Although it will take some time until all Windows Phone 8.1 devices receive Windows 10 for Phones updates, at least Microsoft confirmed they would eventually get them.
Until then though, only select Windows Phone 8.1 users can test the new version of the OS via Windows 10 Technical Preview. And if you are one of those people, then you should consider yourself lucky that you aren't affected by a serious security flaw discovered by a Reddit user.
The issue has been fixed on Windows 10 for Phones
An Internet Explorer security flaw now allows someone to learn a password that's been used on a website. How is that possible? Unfortunately, it's pretty simple and doesn't require too many operations.
When you enter a password into a field on a website, that password is displayed with asterisks (******), so no one can find out what it is.
Nothing wrong and unusual here, but the problem is that when you copy/paste that password into a password field and then search for it using the dedicated button, it will open Bing Search or Cortana and the password will be revealed.
If you copy/paste the password somewhere else, it will not be revealed, but searching for it using Bing or Cortana will show it without the asterisks.
Keep in mind that this security flaw isn't present on Windows 10 for Phones. Only Internet Explorer on Windows Phone 8.1 is affected by this issue and Microsoft has yet to comment on the matter.
Update: Microsoft engineers have responded to the report from Reddit and issued the following short statement:
"Thank you for contacting the Microsoft Security Response Center. Upon investigation we have determined it to not be a security vulnerability as it requires physical access (please see link below). For an in-depth discussion of what constitutes a product vulnerability, please see this thread."