We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,953 News Articles

iOS free app hack now working on Mac App Store

Russian hacker has published details of a hack that makes it possible to get free in-app purchases on the Mac App Store

The hacker who published instructions for bypassing Apple's iOS authentication services in order to get free in-app purchases has now published details of a hack that makes it possible to get free in-app purchases on the Mac App Store.

The four step process is outlined on Forbes and includes:

Installing a CA certificateInstalling an in-appstore.com certificateChanging DNS record in the WiFi settingsRunning the Grim Receiper application

It's a similar hack to the iOS version, the main difference being the Grim Receiper tool that enables users to store the purchase receipts on their Mac.

Both hacks are made possible because Apple doesn't link purchases to a customer or device, so a single purchased receipt can be used repeatedly. For now Apple has published some guidelines for developers wishing to protect themselves from the hack. The company says it will address the vulnerability with iOS 6, due out this autumn.

Forbes goes on to point out that any Mac user trying to take advantage of the hack is "sending your Apple ID and password to a third party."

The App Store hack that lets iOS users trick the App Store into giving them in-app purchases for free went public almost two weeks ago. Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps--including installing bogus certificates on your device, and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a Web server that pretends to the App Store instead. Borodin told Macworld that his exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.

Related:

Apple will fix App Store vulnerability with iOS 6Apple to combat App Store hack with device identifier??What the in-app purchase hack means for app makers?Apple says it's investigating App Store hack?Hacker exploits iOS flaw for free in-app purchases

Dell XP Migration SMB
Dell XP Migration SMB
IDG UK Sites

Lytro Illum release date, price and specs: Light field camera goes 3D

IDG UK Sites

Tim Cook says Apple aims to be best, not first, hinting that iWatch is coming

IDG UK Sites

Twitter - not news

IDG UK Sites

Fun film festival trailer plays with classic movie scenes