Russian hacker promises tougher fight to come

Apple fixes in-app purchases hack

Apple has plugged a gap in security that allowed a Russian hacker, Alexey Borodin, to hijack in app purchases on the app store.

Apple has addressed the problem by publishing a "best practices" paper, in which the company makes the unusual move of encouraging use of a private API.

"[The] game is over," said Borodin. "Currently we have no way to bypass updated APIs."

"It’s good news for everyone; we have updated security in iOS, developers have their air-money."

The hack consisted of configuration changes and fake certification files that routed purchases through a hoax server, allowing a user to gain access to digital goods for free.

There have already been tens of thousands of illicit downloads, and the cost to developers can only be guessed at.

But the Russian security revolutionary is not finished yet and, according to Gamasutra, plans to take his campaign to the Mac App store.

Borodin released a similar exploit for the Mac on friday, again allowing users to bypass in app purchases and loot digital goods.

Apple has not yet released a fix, and Borodin has implied that this time, he is ready for Apple’s rebuttal.

About MCV Staff

Check Also

Doing game research? GameIntel lets you search hundreds of thousands of games tagged with contextual metadata

GameIntel has tagged over 150k games with information like sub-genre, mechanics, aesthetics, and much more. All to help power your game research [created in association with GameAnalytics]