
iOS free app hack now working on Mac App Store

Russian hacker has published details of a hack that makes it possible to get free in-app purchases on the Mac App Store

The hacker who published instructions for bypassing Apple's iOS authentication services in order to get free in-app purchases has now published details of a hack that makes it possible to get free in-app purchases on the Mac App Store.

The four-step process is outlined on Forbes and includes:

1. Installing a CA certificate
2. Installing an in-appstore.com certificate
3. Changing DNS record in the WiFi settings
4. Running the Grim Receiper application

It's a similar hack to the iOS version, the main difference being the Grim Receiper tool that enables users to store the purchase receipts on their Mac.

Both hacks are made possible because Apple doesn't link purchases to a customer or device, so a single purchased receipt can be used repeatedly. For now Apple has published some guidelines for developers wishing to protect themselves from the hack. The company says it will address the vulnerability with iOS 6, due out this autumn.
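The following Python example is added here and is not taken from the article, Forbes or Apple. It models why a receipt that names no customer or device passes a signature-only check for anyone who holds a copy, and how binding the receipt or keeping a server-side record of first use rejects the reuse. The HMAC-signed receipt layout, the key and all function and field names are assumptions made for the example, not Apple's receipt format.

```python
import hashlib
import hmac
import json

STORE_KEY = b"constructed-demo-key"  # hypothetical signing key, constructed for this example


def _sign(payload):
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(STORE_KEY, msg, hashlib.sha256).hexdigest()


def issue_receipt(product_id, transaction_id, account_id=None, device_id=None):
    """Store side. Without account_id/device_id this models the unbound receipt."""
    payload = {"product_id": product_id, "transaction_id": transaction_id}
    if account_id is not None:
        payload.update(account_id=account_id, device_id=device_id)
    return {"payload": payload, "sig": _sign(payload)}


def signature_only_check(receipt):
    """The weak check: a valid signature alone, so any copy of the receipt passes."""
    return hmac.compare_digest(_sign(receipt["payload"]), receipt["sig"])


class ReceiptValidator:
    """Developer-server check run before unlocking a purchase (hypothetical)."""

    def __init__(self):
        self.first_redeemer = {}  # transaction_id -> (account_id, device_id)

    def validate(self, receipt, account_id, device_id):
        payload = receipt["payload"]
        if not hmac.compare_digest(_sign(payload), receipt.get("sig", "")):
            return "rejected: bad signature"
        presenter = (account_id, device_id)
        # Bound receipt: the signed payload names who it was issued to.
        if "account_id" in payload:
            if (payload["account_id"], payload["device_id"]) != presenter:
                return "rejected: issued to another account or device"
        # Unbound receipt: fall back to a server-side ledger of first use.
        owner = self.first_redeemer.setdefault(payload["transaction_id"], presenter)
        if owner != presenter:
            return "rejected: transaction already redeemed elsewhere"
        return "accepted"
```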

Forbes goes on to point out that any Mac user trying to take advantage of the hack is "sending your Apple ID and password to a third party."

The App Store hack that lets iOS users trick the App Store into giving them in-app purchases for free went public almost two weeks ago. Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps--including installing bogus certificates on your device, and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a Web server that pretends to be the App Store instead. Borodin told Macworld that his exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
