Alexei Borodin, the guy behind an App Store hack allowing users to “purchase” in-app content without actually paying for it has confirmed that Apple has put an end to the bug that made such a thing possible. The exploit was pretty complex, and involved third-party servers and specially-installed security certificates, but was definitely bad news for Apple and developers nonetheless.
It’s no surprise, then, that Apple worked to patch this security breach ASAP.The bug will be rectified with the release of iOS 6, but until that time Apple has provided developers with updated APIs that validate each digital purchase. Luckily it seems like these APIs are doing their job. According to Borodin,
“Currently we have no way to bypass [the] updated APIs. It’s a good news for everyone, we have updated security in iOS, developers have their air-money. ”By examining last Apple’s statement about in-app purchases in iOS 6, I can say, that currently (the) game is over.”
However, that doesn’t mean this bug wasn’t costly. This exploit reportedly resulted in huge loses for both Apple and developers. More specifically, this exploit allowed over 8,460,017 free purchase transactions which would have been $5.82 million for developers and $2.49 million for Apple, and those are the low estimates! Surprisingly, a similar hack is still up and running for the Mac App Store, but it’s only a matter of time before Apple cracks down on that one as well.
I’ll be surprised to see if Apple brings any legal action against the developer behind this hack. What do you guys think about this whole thing? Comment below or tweet me @TiP_Jake.