Recently, Apple suffered a lot of headache when Russian hacker Alex Borodin took advantage of an in-app purchasing exploit to provide users with paid content for free. Apple tried their best to fix it.
Now Apple’s efforts have paid off. The Cupertino, California-based company has developed a fix that will make its debut in iOS 6. According to Borodin, this new fix is almost impossible to bypass.
Borodin’s exploit made it incredibly easy for anyone with an iOS device to obtain paid in-app purchases for free, simply by using his servers to bypass the receipt system that Apple has in place for developers.
Apple has already taken some steps to prevent the hack, such as having Borodin’s servers shut down and banning his IP addresses. Apple also gave developers access to certain parts of its Application Programming Interfaces (APIs), which they do not usually have access to, so that they could implement an immediate fix.
In iOS 6, however, Apple will finally put an end to this game of cat-and-mouse.
In a post on his blog, Borodin confirmed there is “no way to bypass updated APIs.” He admitted that “the game is over.” He also insisted that his hack has led to “updated security in iOS.”
Apple’s fix will rollout with iOS 6, so it is up to developers to make the necessary changes to block Borodin’s hack until then. Borodin says he will keep the service going to take advantage of those apps that are not updated. However, he has plans to close it when iOS 6 is released later this year.
It’s in developers’ interests to make their own fixes as soon as possible. Because until they do, users would be able to obtain their in-app content for free. And there are a lot of users who are willing to do this, too. According to Borodin’s statistics, 8,460,017 free purchase transactions had been processed by last week.
As for his Mac OS X hack, which does almost exactly the same thing, Borodin says he will keep that going. Apple is yet to react on his Mac hack. Borodin says that “we have some cards in the hand,” and that “it’s good that OS X is open.”
Source: Cult Of Mac