
iOS free app hack now working on Mac App Store

Russian hacker has published details of a hack that makes it possible to get free in-app purchases on the Mac App Store

The hacker who published instructions for bypassing Apple's iOS authentication services in order to get free in-app purchases has now published details of a hack that makes it possible to get free in-app purchases on the Mac App Store.

The four-step process is outlined on Forbes and includes:

1. Installing a CA certificate
2. Installing an in-appstore.com certificate
3. Changing DNS record in the WiFi settings
4. Running the Grim Receiper application

It's a similar hack to the iOS version, the main difference being the Grim Receiper tool that enables users to store the purchase receipts on their Mac.

Both hacks are made possible because Apple doesn't link purchases to a customer or device, so a single purchased receipt can be used repeatedly. For now Apple has published some guidelines for developers wishing to protect themselves from the hack. The company says it will address the vulnerability with iOS 6, due out this autumn.
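The replay weakness described above, sketched as an added example that is not from the article, Forbes or Apple: a check that only confirms a receipt is validly signed accepts the same receipt for anyone, repeatedly, while one that binds the receipt to an account and device and records redeemed transaction ids does not. The receipt layout, field names and the HMAC key standing in for the store's signature are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the store's signing key; a real store signs
# receipts with its own scheme, which this sketch does not reproduce.
STORE_KEY = b"constructed-demo-key"


def sign(payload: dict) -> dict:
    """Issue a receipt: canonical JSON body plus an HMAC tag."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(STORE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def signature_ok(receipt: dict) -> bool:
    expected = hmac.new(STORE_KEY, receipt["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["tag"])


def naive_accept(receipt: dict) -> bool:
    """Weak check: any validly signed receipt unlocks content, any number of times."""
    return signature_ok(receipt)


class BoundVerifier:
    """Hardened check: receipt must name this account and device, and be unused."""

    def __init__(self):
        self.seen = set()  # transaction ids already redeemed

    def accept(self, receipt: dict, account: str, device: str) -> bool:
        if not signature_ok(receipt):
            return False
        data = json.loads(receipt["body"])
        if data.get("account") != account or data.get("device") != device:
            return False  # receipt was issued to someone else, or to no one
        txn = data.get("transaction_id")
        if txn is None or txn in self.seen:
            return False  # missing id, or replay of a redeemed purchase
        self.seen.add(txn)
        return True


# Constructed sample receipts: one unbound, one tied to an account and device.
UNBOUND = sign({"product": "coins_100", "transaction_id": "T-1"})
BOUND = sign({"product": "coins_100", "transaction_id": "T-2",
              "account": "alice", "device": "mac-01"})
```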

Forbes goes on to point out that any Mac user trying to take advantage of the hack is "sending your Apple ID and password to a third party."

The App Store hack that lets iOS users trick the App Store into giving them in-app purchases for free went public almost two weeks ago. Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps, including installing bogus certificates on your device and using a specially crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a Web server that pretends to be the App Store instead. Borodin told Macworld that his exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.

