• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Apple Temporarily Patches In-App Purchase Hack
    by
    Akshay Masand
    Published on 07-20-2012 09:57 PM
    16 Comments Comments


    Apple on Friday recently issued a note to developers outlining a fix for an in-app purchasing exploit that allowed for the free download of content that you had to pay for. Alongside with this note, Apple also announced that the loophole will be plugged when iOS 6 is released this fall.

    According to CNET, Apple recommended that’s app that feature in-app purchases should follow a set of guidelines that includes confirming orders with the company’s new receipt system. The receipt validation protocol, which Apple unveiled on Wednesday, attaches a “unique identifier” to in-app purchase receipts. The tactic effectively prevents the recently-discovered workaround that validated purchases by routing them to a specialized DNS server and spoofing digital receipts. Before this discovery, Apple sent generic receipts containing no unique user data

    Apple spokesman Tom Neumayr said the following: "Apple recommends that developers follow best practices at developer.apple.com to help ensure they are not vulnerable to fraudulent In-App purchases. This will also be addressed with iOS 6.” Friday’s documents includes instructions on how to setup and use Apple’s new validation system as well as how to validate transactions that have already gone through. The document stated the following:

    A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.
    As part of controlling the damage that has been done, Apple allowed developers to gain access to certain non-public APIs pertaining to verification and security services. Along with the support document Apple sent out an email to developers noting the exploit will be patched in iOS 6 when the mobile operating system is released alongside an expected next-generation iPhone this fall.

    Source: CNET
    This article was originally published in forum thread: Apple Temporarily Patches In-App Purchase Hack started by Akshay Masand View original post
    Categories:
    1. iPhone,
    2. iOS,
    3. Apple,
    4. iPad
    Comments 16 Comments
    1. iPod's Avatar
      iPod - 07-20-2012, 10:55 PM
      Piracy is NOT tolerated on modmyi. Please consider reading forum rules
    1. BenderRodriguez's Avatar
      BenderRodriguez - 07-21-2012, 12:37 AM
      Way to re-quote him so a mod has to step in twice
    1. Bigred4430's Avatar
      Bigred4430 - 07-21-2012, 02:06 AM
      I'm curious too. Not that I use them. Just plain ol curious as to what, if anything, will happen to people who use pirated apps.
    1. confucious's Avatar
      confucious - 07-21-2012, 02:13 AM
      Quote Originally Posted by Bigred4430 View Post
      I'm curious too. Not that I use them. Just plain ol curious as to what, if anything, will happen to people who use pirated apps.
      Hopefully they will all die a horrible death.
    1. iPod's Avatar
      iPod - 07-21-2012, 07:31 AM
      Quote Originally Posted by BenderRodriguez View Post
      Way to re-quote him so a mod has to step in twice
      You're welcome! thanks for staying on topic :P
    1. kbcox0327's Avatar
      kbcox0327 - 07-21-2012, 08:51 AM
      I've had every iphone. I have hundreds of PAID apps that either don't work like advertised or broke after an update or are no longer supported or just never woked. The amount of refunds that I have received for these worthless apps equals exactly $0. Forgive me if I don't share your distain for piracy.
    1. confucious's Avatar
      confucious - 07-21-2012, 09:10 AM
      Nope. I won't forgive you. Piracy is wrong. If they sell something that doesnt work get a refund.
    1. Fate1121's Avatar
      Fate1121 - 07-21-2012, 09:19 AM
      Maybe devs will quit being rip offs with games, charge me a extra few bucks for the game don't rape me with IAP
    1. djarkiz's Avatar
      djarkiz - 07-21-2012, 02:18 PM
      Quote Originally Posted by kbcox0327 View Post
      I've had every iphone. I have hundreds of PAID apps that either don't work like advertised or broke after an update or are no longer supported or just never woked. The amount of refunds that I have received for these worthless apps equals exactly $0. Forgive me if I don't share your distain for piracy.
      I do agree buddy I've bought a lot of apps that stopped working or crash and never get properly fixed, I've never got a refund for them or money back on my account, I think things like ********** are great because it let's u PREVIEW games u want 2 buy, I think that's fair, I don't know about this in-App thing but towards piracy i don't think it's Wrong to get a preview of the full game before u buy it
    1. iPod's Avatar
      iPod - 07-21-2012, 02:22 PM
      What do people not get on this forum? Talking about piracy is not tolerate on modmyi! Just because you censor ********** doesn't make it any better.
    1. Simon's Avatar
      Simon - 07-21-2012, 02:34 PM
      Quote Originally Posted by iPod View Post
      What do people not get on this forum? Talking about piracy is not tolerate on modmyi! Just because you censor ********** doesn't make it any better.
      Actually, the site auto-censors it
    1. mmaboi21's Avatar
      mmaboi21 - 07-21-2012, 02:49 PM
      Pirate= scumbag
    1. iPod's Avatar
      iPod - 07-21-2012, 06:17 PM
      Quote Originally Posted by Simon View Post
      Actually, the site auto-censors it
      Oh haha all this time I've been thinking some wise guys think they can censor it to make it "not as bad" lol
    1. soidroidios's Avatar
      soidroidios - 07-22-2012, 10:05 AM
      I'm glad they got that patched. They wouldn't stop hounding me to go get in on their devices. I refused because it was piracy and it probably takes their details.. Now I can tell them that the hack has been patched and may no longer be done. Good riddance.
    1. PoEtikly's Avatar
      PoEtikly - 07-23-2012, 06:31 AM
      Quote Originally Posted by iPod View Post
      Oh haha all this time I've been thinking some wise guys think they can censor it to make it "not as bad" lol
      I in no way promote piracy, but if mmi (which is a FORUM) staff posts an article about PIRACY what do you think is going to happen? If mmi doesn't want that result then they should write the article and close the topic to comments. These articles just instigate the subject to be talked about so let's not put a steak in front of a hungry dog and slap him in the face for going after it.
    1. mmaboi21's Avatar
      mmaboi21 - 07-23-2012, 09:40 AM
      Quote Originally Posted by PoEtikly View Post
      I in no way promote piracy, but if mmi (which is a FORUM) staff posts an article about PIRACY what do you think is going to happen? If mmi doesn't want that result then they should write the article and close the topic to comments. These articles just instigate the subject to be talked about so let's not put a steak in front of a hungry dog and slap him in the face for going after it.
      That's where self control comes in bro, I like hearing about this kind of stuff because it lets me know what's going on. I want to be able and comment on this type of article without having to worry whether somebody thinks its promoting piracy. Let people do what they are going to do because it will eventually come back and bite them.

      Side note: I don't condone piracy at all I think those who do are scumbags because they are really doing more harm then they think.