Apple patching in-app purchase bug that allowed buying for free

News recently broke that Apple’s implementation of in-app purchases is flawed, allowing hackers like Russian Alexey Borodin to circumvent Apple’s servers and trick apps into thinking you’ve paid for items inside them when you actually haven’t. This was possible for two reasons: first, Apple didn’t use a unique identifier for each purchase, and second, developers often neglected to validate their in-app purchase receipts.

Now Apple is introducing a unique identifier for each purchase, a likely step towards patching that bug. It’s not completely clear whether the newly implemented unique identifier for in-app purchases is indeed aimed at closing that hole in the system, but that is the most likely reason, especially as Apple added it mere days after the hack was made public.

For the time being, though, you can still circumvent the system and use a third-party server to fool apps into thinking you are buying items while not actually paying.
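The two weaknesses described above (no per-purchase identifier, and apps that never validate receipts) are the checks a developer's own server can enforce before unlocking content. The sketch below is an added example, not Apple's or any app's code: the receipt fields `product_id` and `unique_id` are hypothetical, and an HMAC with a constructed key stands in for the store's real signature.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with a demo key stands in for the store's receipt signature.
STORE_KEY = b"constructed-demo-key"


def sign(receipt: dict) -> str:
    """Store side of the demo: sign the canonical JSON form of a receipt."""
    body = json.dumps(receipt, sort_keys=True).encode()
    return hmac.new(STORE_KEY, body, hashlib.sha256).hexdigest()


class ReceiptValidator:
    """Server-side check run before any purchased content is unlocked."""

    def __init__(self):
        self.redeemed = set()  # unique purchase identifiers already honoured

    def validate(self, receipt: dict, signature: str, product: str) -> str:
        # 1. The receipt must come from the store, not from a third-party server.
        if not hmac.compare_digest(sign(receipt), signature):
            return "rejected: bad signature"
        # 2. It must be for the product actually being unlocked.
        if receipt.get("product_id") != product:
            return "rejected: wrong product"
        # 3. Without a per-purchase identifier, a genuine receipt cannot be
        #    told apart from a copy of it, so its absence is a failure.
        uid = receipt.get("unique_id")
        if not uid:
            return "rejected: no unique identifier"
        if uid in self.redeemed:
            return "rejected: replayed receipt"
        self.redeemed.add(uid)
        return "accepted"


def demo() -> list:
    """Run constructed sample receipts through the validator."""
    v = ReceiptValidator()
    genuine = {"product_id": "coins_100", "unique_id": "tx-0001"}
    no_id = {"product_id": "coins_100"}
    tampered = dict(genuine, unique_id="tx-0002")  # edited after signing
    cases = [(genuine, sign(genuine), "coins_100"),   # first use
             (genuine, sign(genuine), "coins_100"),   # same receipt again
             (genuine, sign(genuine), "coins_500"),   # used for another item
             (no_id, sign(no_id), "coins_100"),       # old-style receipt
             (tampered, sign(genuine), "coins_100")]  # signature mismatch
    return [v.validate(r, s, p) for r, s, p in cases]


if __name__ == "__main__":
    print("\n".join(demo()))
```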

source: MacRumors


5 Comments

1. quakan

Posts: 1418; Member since: Mar 02, 2011

Hmm should I pay for in-app purchases or try to get it free by going through some Russian hacker's servers and giving him access to my information? Tough decision.

5. bayusuputra

Posts: 963; Member since: Feb 12, 2012

Easy solution: throw your iDevice, get Android, side load the app, BAM!

2. darktranquillity

Posts: 285; Member since: Feb 28, 2012

Why pay? Download and let Apple pay for you from its cash pile.

3. JunkCreek

Posts: 407; Member since: Jul 13, 2012

No malware anyone? Just because they "crackers/hackers" didn't give a d*mn to apple device. When it is d*mned, you can now see. So, please WAKE UP!

4. JunkCreek

Posts: 407; Member since: Jul 13, 2012

No malware anyone? Just because they "crackers/hackers" didn't give a d*mn to apple device. When it is d*mned, you can now see. So, please WAKE UP!
