Apple Working To Fix the In-App purchasing exploit in iOS 6 – Earlier this week, we showed you how a Russian hacker hacked in-app purchasing on iOS, which lets users get in-app purchases absolutely free of cost. Soon after this method was released on the internet, Apple took action and removed the video from YouTube. Moreover, they blocked all the servers, so users cannot connect to the hacker’s website.
Now Apple has taken a further step and has started emailing all developers about in-app purchases. Apple has changed the in-app purchase policy so that developers will be able to temporarily fix this problem. Apple has also assured developers that a permanent fix is coming in iOS 6.
The folks over at 9to5Mac said:
“A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue an SSL certificate that fraudulently identifies the attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.”
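The quoted description hinges on the fraudulent server passing certificate validation because its issuing CA was installed on the device. As an added example (not code from Apple, 9to5Mac or this post), the Python below shows one client-side check that still fails in that situation: comparing the server certificate's fingerprint with one shipped in the app. The function names, the sample byte strings and the JSON verdict format (`status` of 0 meaning valid) are assumptions.

```python
import hashlib
import hmac
import json
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def pin_matches(der_cert: bytes, pins: set) -> bool:
    """True only if the presented certificate is one the app shipped a pin for."""
    seen = fingerprint(der_cert)
    return any(hmac.compare_digest(seen, p) for p in pins)

def accept_verdict(der_cert: bytes, body: bytes, pins: set) -> bool:
    """Trust a 'receipt is valid' answer only when a pinned server sent it."""
    # Chain validation alone is not enough: a CA the user installed makes the
    # fraudulent server's chain verify, so the pin is checked independently.
    if not pin_matches(der_cert, pins):
        return False
    try:
        return json.loads(body).get("status") == 0  # assumed verdict format
    except (ValueError, AttributeError):
        return False

def fetch_verdict(host: str, path: str, receipt_json: bytes, pins: set) -> bool:
    """Hypothetical client: open TLS, check the pin, then POST the receipt."""
    ctx = ssl.create_default_context()  # normal chain and hostname validation
    with socket.create_connection((host, 443), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pins):
                return False  # unpinned server: do not even send the receipt
            head = (f"POST {path} HTTP/1.0\r\nHost: {host}\r\n"
                    f"Content-Type: application/json\r\n"
                    f"Content-Length: {len(receipt_json)}\r\n\r\n")
            tls.sendall(head.encode() + receipt_json)
            resp = b""
            while chunk := tls.recv(4096):
                resp += chunk
    return accept_verdict(der, resp.split(b"\r\n\r\n", 1)[-1], pins)

# Constructed sample data: stand-ins for DER bytes, not real certificates.
GENUINE_DER = b"constructed-genuine-server-cert"
ROGUE_DER = b"constructed-cert-issued-by-user-installed-CA"
PINS = {fingerprint(GENUINE_DER)}
```

With the constructed data, a "valid" answer presented alongside `ROGUE_DER` is rejected even though a device trusting the installed CA would have completed the TLS handshake.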
The in-app purchase option was introduced back in 2011 and allows users to buy digital items in games or apps using real money. This hack was nothing less than a nightmare for Apple, and according to a source more than $30,000 of in-app purchases were downloaded absolutely free of cost. But this immediate action saved Apple from further losses via in-app purchases.