iOS free app hack now working on Mac App Store

Russian hacker has published details of a hack that makes it possible to get free in-app purchases on the Mac App Store

The hacker who published instructions for bypassing Apple's iOS authentication services in order to get free in-app purchases has now published details of a hack that makes it possible to get free in-app purchases on the Mac App Store.

The four-step process is outlined on Forbes and includes:

1. Installing a CA certificate
2. Installing an in-appstore.com certificate
3. Changing DNS record in the WiFi settings
4. Running the Grim Receiper application

It's a similar hack to the iOS version, the main difference being the Grim Receiper tool that enables users to store the purchase receipts on their Mac.

Both hacks are made possible because Apple doesn't link purchases to a customer or device, so a single purchased receipt can be used repeatedly. For now Apple has published some guidelines for developers wishing to protect themselves from the hack. The company says it will address the vulnerability with iOS 6, due out this autumn.

Forbes goes on to point out that any Mac user trying to take advantage of the hack is "sending your Apple ID and password to a third party."

The App Store hack that lets iOS users trick the App Store into giving them in-app purchases for free went public almost two weeks ago. Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps, including installing bogus certificates on your device and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a Web server that pretends to be the App Store instead. Borodin told Macworld that his exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
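For developers, the two weaknesses described above (receipts that are not tied to a customer or device, and receipts that can be spoofed) are typically countered on the developer's own server. The sketch below is an added example, not Apple's code or its published guidance: the receipt fields, the `ReceiptLedger` class and the HMAC key standing in for the store's signature check are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key: a stand-in for verifying the store's real signature.
STORE_KEY = b"constructed-demo-key"


def sign(payload: dict) -> str:
    """Demo issuer: HMAC-SHA256 over the canonical JSON of the receipt."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(STORE_KEY, body, hashlib.sha256).hexdigest()


class ReceiptLedger:
    """Server-side record that ties each transaction to a single account."""

    def __init__(self):
        self._owner = {}  # transaction_id -> account that first redeemed it

    def redeem(self, account_id: str, payload: dict, signature: str) -> str:
        # 1. Authenticity: a receipt minted by a look-alike server fails here.
        if not hmac.compare_digest(sign(payload), signature):
            return "rejected: bad signature"
        txn = payload.get("transaction_id")
        if not txn:
            return "rejected: no transaction id"
        # 2. Binding: the receipt carries no customer identity, so the server
        #    records the first redeemer; a restore by that account still works.
        owner = self._owner.setdefault(txn, account_id)
        if owner != account_id:
            return "rejected: transaction already redeemed"
        return "granted"


def demo() -> list:
    """Run constructed sample receipts through the ledger."""
    ledger = ReceiptLedger()
    real = {"transaction_id": "TXN-0001", "product_id": "com.example.coins100"}
    fake = {"transaction_id": "TXN-9999", "product_id": "com.example.coins100"}
    sig = sign(real)
    return [
        ledger.redeem("alice", real, sig),        # first use
        ledger.redeem("alice", real, sig),        # same account restoring
        ledger.redeem("bob", real, sig),          # shared receipt replayed
        ledger.redeem("carol", fake, "00" * 32),  # spoofed receipt
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```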
