updated 05:00 pm EDT, Tue July 22, 2008
MobileMe mail, security
Although many problems have been resolved, the MobileMe online service continues to suffer from serious issues, accounts suggest. Apple's status page presently indicates that "1 percent of MobileMe members" do not have proper mail access, an issue which has persisted in some cases for several days. Apple support staff are said to be claiming that the issue is with one of MobileMe's mail servers, but no timeline for a fix has been announced.
The scope of users affected by the mail outage appears to be international, with people reporting problems in the US, Scotland, Australia and Japan. Access may also be inconsistent, with accounts briefly reactivating only to disappear again. One user warns that if an account does reactivate, there is a possibility that it may delete all local e-mail, with little possibility of recovering messages on Apple's end. People are thus encouraged to backup important messages before they attempt to sync Mail with MobileMe.
Probing meanwhile reveals that the service has a security hole in its account information webpage. When clicking on the link, the page normally requires users to re-authenticate; by switching the end of the "authorize=N" string to "Y," however, people can bypass the check and view a person's name, address and e-mail information. Exploiting this effectively requires being on location however, and the victim must also have opted for a two-week login cookie.