Apple iOS and Mac in-app purchases hacked.

Desmond

Destroy Erase Improve
Staff member
Admin
Is it just me, or do Apple's dominoes seem to be tumbling?

First this:
Apple’s in-app purchasing process circumvented by Russian hacker

We received some disturbing tips today that a Russian developer has published a method of obtaining in-app purchases from iOS apps for free. First noticed by Russian blog i-ekb.ru, the “in-app proxy” method does not require a jailbreak, can be completed by novices in three steps using just an iOS device, and allows users to install in-app content for free. The hack also works on all devices running iOS 3.0 to 6.0. We confirmed the method works (at least temporarily), and the published instructions are starting to get attention, so we decided to publish this story as a warning to the Apple developer community.
Source

...then this:
Apple Mac in-app purchases hacked; everything free like on iOS

While Apple is working hard to fight the hacking of its In-App Purchase program for iOS, the same hacker has pulled off an almost identical scheme for the Mac. Just like on iOS, this means you can purchase in-app Mac content without actually paying.
.
.
.
Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple today announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac.

That's right. Borodin's new hack allows Mac users to circumvent the payment process and essentially steal in-app content, just like his previous one did for iOS. The new "In-Appstore for OS X" service uses a similar method to fake transactions made to Apple's servers, according to "Getting started to receive your in-app for free on OS X."
.
.
.
The only difference this time around (apart from the different store), is that Borodin has developed an app called "Grim Receiper." It must be run on the local machine, and as far as I can tell its main purpose is to collect receipts for reuse. "That's the tool to keep your original receipts in safe place (locally, of course) during you are using in-appstore.com," says Borodin.

Affected iOS apps treated Borodin's server as an official communication because of how Apple authenticates a purchase. The same thing goes for Mac apps. The problem is that Apple does not tie a given purchase directly to a customer or device, meaning a single purchased receipt can be used again and again.
Source
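The quoted article says a receipt is not tied to a customer or device, so one purchased receipt can be reused again and again. The sketch below shows how a developer's own backend could close that gap. It is an added example, not part of the original post and not Apple's receipt format or API: the receipt layout is constructed, HMAC stands in for the store's signature, and `issue_receipt`, `naive_validate` and `ReceiptValidator` are hypothetical names.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the store's signing key. A real store signs with
# an asymmetric key; HMAC keeps this example standard-library only.
STORE_KEY = b"constructed-demo-key"


def issue_receipt(product_id, transaction_id, account_id=None):
    """Play the store. account_id=None models a receipt bound to nobody."""
    body = {"product": product_id, "txn": transaction_id, "account": account_id}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(STORE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def naive_validate(receipt):
    """Signature check only: the same receipt passes for any user, any number of times."""
    payload = receipt["payload"].encode()
    expected = hmac.new(STORE_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["sig"])


class ReceiptValidator:
    """Hypothetical backend check: signature, product, account binding, one owner per transaction."""

    def __init__(self):
        self.redeemed = {}  # transaction id -> account that first redeemed it

    def validate(self, receipt, account_id, product_id):
        if not naive_validate(receipt):
            return "rejected: bad signature"
        body = json.loads(receipt["payload"])
        if body["product"] != product_id:
            return "rejected: wrong product"
        if body["account"] is not None and body["account"] != account_id:
            return "rejected: not bound to this account"
        # Unbound receipts fall back to a ledger: the first redeemer owns the transaction.
        owner = self.redeemed.setdefault(body["txn"], account_id)
        if owner != account_id:
            return "rejected: transaction already redeemed"
        return "accepted"
```

The same account can present its receipt again (for example to restore a purchase), while a second account presenting it is refused.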
 

Tech&ME

Banned
Already Fixed by Apple.

iOS 6 will completely fix this, and Mountain Lion will fix it permanently on Mac as well.
 

amjath

Human Spambot
This happened
*tekbloggers.files.wordpress.com/2012/06/mac-osx-before-after.jpg?w=560&h=590
 

Tech&ME

Banned
I miss Steve at this point !! :sad:

I have fear, I don't want to see Apple with competitive products, I wish they make unique products in the future too. I know a great visionary is no more, but there has to be one that can take the company in the right direction.
 

root.king

geek in action
I miss Steve at this point !! :sad:

I have fear, I don't want to see Apple with competitive products, I wish they make unique products in the future too. I know a great visionary is no more, but there has to be one that can take the company in the right direction.

We all miss Steve.
 

amjath

Human Spambot
^^ whatever, hope everyone read this. Every man has 2 sides

Apple founder Steve Jobs 'took drugs and abandoned his family' - Telegraph
 