Russian Hacker Now Exploiting Mac In-App Purchases As Well
Posted July 21, 2012 at 12:29am by iClarified
Alexei Borodin, the hacker who has created a service that exploits App Store in-app purchases to allow for free transactions, has now released a service for Mac, reports TNW.
After installing two local certificates, a user points their computer's DNS settings at Borodin's server and it pretends to be the Mac App Store, issuing verification of the purchase. It's not incredibly simple, but it's not all that hard either. This time there is a companion app called 'Grim Receiper' that must be run on the local machine to facilitate the process as well.
It effectively bypasses the simple receipt system that Apple has in place for developers, which has allowed over 8,460,017 free purchase transactions, according to stats provided by the hacker.
Earlier today Apple announced that it would close the vulnerability with the release of iOS 6 and provided developers instructions on how to circumvent the exploit immediately. The company will now have to work on a solution for Mac developers as well.