Free For All: The Mac App Store's In-App Purchasing Has Been Hacked Too

Alexey Borodin, the programmer responsible for the iOS App Store hack earlier this month, has managed to repeat his success on Apple's Mac App Store. The hack allows users to make in-app purchases from the service without paying for them.

We won't be publishing detailed steps here. Suffice it to say that it requires little more than installing a security certificate, tweaking some DNS settings and running a special program to keep your App Store receipts, as described on the following page. The DNS settings need to be reverted once a purchase is made, but otherwise, it's scarily straightforward.

While not as significant as the iOS hack, it's still a worrying security issue for Apple and the developers who make a living off of its App Store. Apple has stated that a fix for the first hack will be available come iOS 6. Until then, Apple has provided developers with information on how to properly validate receipts, but it's up to them to implement these measures.

[The hack, via ZDNet]




    Wow. That's a big hole, but Apple are real jerks by not helping the developers using their platform to defend from theft until iOS6 / OSX. That's not very fair.

      Ummm, you do know that Apple told developers to code sign their apps months ago, right? Coz if they followed that advice, this wouldn't be happening. But it's Apple's fault anyway. Yeah, whatever you say.

    Many people are saying Apple has lost the plot after Steve Jobs. They are making too many uncharacteristic mistakes and it's only a matter of time before they nose dive again like the last time Jobs left the company...

      They haven't made any significant mistakes yet, certainly no better or worse than when Jobs was in charge. This is just a hack, probably only 0.01% of iOS or OSX users will ever take advantage of it, it's not a sign of some inevitable decline.

      What a load of rubbish *rolls eyes*

      One can only hope. Apple is an evil company. Anyone who spends an ounce of effort developing for their platform deserves to get ripped off. They make Microsoft look like freaking Mother Teresa.

        Yep, keep justifying your piracy.

      Yet another prick on the net

    Not surprised in the least. No operating system is free from this.

    Digital shoplifting?

    If you are a hacker, you just love Apple - magical! It just works!

    I'm sorry what!?

    "We won’t be publishing detailed steps here"

    "Here's the link to the steps. . ." What's the difference?

    It's like you're saying "We won't tell you how to do it, but here. (hands printed document over) Read this manual on how to do it, but it wasn't us who told you".

      A simple search would find it for you, they cite their source, your choice to click the link. Your choice to be a simpleton as well, good luck with that.

