Thread: Apple Temporarily Patches In-App Purchase Hack

  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    3,600
    Thanks
    3
    Thanked 116 Times in 102 Posts

    Default Apple Temporarily Patches In-App Purchase Hack


    Apple on Friday recently issued a note to developers outlining a fix for an in-app purchasing exploit that allowed for the free download of content that you had to pay for. Along with this note, Apple also announced that the loophole will be plugged when iOS 6 is released this fall.

    According to CNET, Apple recommended that apps that feature in-app purchases should follow a set of guidelines that includes confirming orders with the company’s new receipt system. The receipt validation protocol, which Apple unveiled on Wednesday, attaches a “unique identifier” to in-app purchase receipts. The tactic effectively prevents the recently-discovered workaround that validated purchases by routing them to a specialized DNS server and spoofing digital receipts. Before this discovery, Apple sent generic receipts containing no unique user data.

    Apple spokesman Tom Neumayr said the following: “Apple recommends that developers follow best practices at developer.apple.com to help ensure they are not vulnerable to fraudulent In-App purchases. This will also be addressed with iOS 6.” Friday’s document includes instructions on how to set up and use Apple’s new validation system as well as how to validate transactions that have already gone through. The document stated the following:

    “A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.”

    As part of controlling the damage that has been done, Apple allowed developers to gain access to certain non-public APIs pertaining to verification and security services. Along with the support document, Apple sent out an email to developers noting the exploit will be patched in iOS 6 when the mobile operating system is released alongside an expected next-generation iPhone this fall.

    Source: CNET

    Twitter: @AkshayMasand
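
An added example, not part of the original post or of Apple's documentation: a Python sketch of the checks a developer's own server can apply to a receipt-verification response it fetched itself, showing why a per-purchase unique identifier defeats a generic "always valid" reply. The JSON field names, bundle ID, product ID and device identifiers are assumptions constructed for this illustration.

```python
import json

def _reply(**receipt):
    """Build a constructed verification reply (sample data, not a real receipt)."""
    return json.dumps({"status": 0, "receipt": receipt})

# Constructed sample: a receipt tied to one app, product, purchase and device.
GENUINE = _reply(bid="com.example.game", product_id="coins_100",
                 transaction_id="1000000000000001",
                 unique_identifier="device-aaaa")
# Constructed sample: a generic "valid" reply carrying no per-device data.
GENERIC = _reply(bid="com.example.game", product_id="coins_100",
                 transaction_id="1")

class ReceiptChecker:
    """Server-side acceptance checks for one app (hypothetical helper)."""

    def __init__(self, bundle_id, products):
        self.bundle_id = bundle_id
        self.products = set(products)
        self.seen_transactions = set()

    def check(self, response_text, expected_product, device_id):
        """Return (accepted, reason) for a verification reply."""
        try:
            body = json.loads(response_text)
        except ValueError:
            return False, "malformed response"
        if not isinstance(body, dict) or body.get("status") != 0:
            return False, "status not ok"
        receipt = body.get("receipt")
        if not isinstance(receipt, dict):
            return False, "missing receipt"
        if receipt.get("bid") != self.bundle_id:
            return False, "wrong bundle"
        product = receipt.get("product_id")
        if product != expected_product or product not in self.products:
            return False, "wrong product"
        # The receipt must name the device that is asking for the content.
        if not device_id or receipt.get("unique_identifier") != device_id:
            return False, "identifier mismatch"
        # A transaction may unlock content only once.
        txn = receipt.get("transaction_id")
        if not txn or txn in self.seen_transactions:
            return False, "transaction replayed"
        self.seen_transactions.add(txn)
        return True, "ok"
```

The order of checks matters: the transaction is recorded as used only after every other field has matched, so a rejected reply cannot burn a legitimate transaction ID.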

  2. #2
    The One and the Only (retired secret moderator) iPod's Avatar
    Join Date
    Aug 2010
    Location
    Planet Earth
    Posts
    2,127
    Thanks
    55
    Thanked 94 Times in 88 Posts

    Piracy is NOT tolerated on modmyi. Please consider reading forum rules
    Last edited by 2k1; 07-21-2012 at 05:03 AM.

    secret moderator... Please hit that THANKS button over there if I helped you in any single way

  3. #3
    Livin the iPhone Life BenderRodriguez's Avatar
    Join Date
    Apr 2008
    Location
    The Future
    Posts
    2,139
    Thanks
    108
    Thanked 239 Times in 197 Posts

    Way to re-quote him so a mod has to step in twice

  4. #4
    What's Jailbreak?
    Join Date
    Dec 2011
    Location
    Milwaukie,OR
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    I'm curious too. Not that I use them. Just plain ol curious as to what, if anything, will happen to people who use pirated apps.

  5. #5
    Peanut Brain confucious's Avatar
    Join Date
    Oct 2008
    Location
    Woking
    Posts
    10,240
    Thanks
    137
    Thanked 899 Times in 816 Posts

    Quote Originally Posted by Bigred4430 View Post
    I'm curious too. Not that I use them. Just plain ol curious as to what, if anything, will happen to people who use pirated apps.
    Hopefully they will all die a horrible death.
    He who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.

  6. #6
    The One and the Only (retired secret moderator) iPod's Avatar
    Join Date
    Aug 2010
    Location
    Planet Earth
    Posts
    2,127
    Thanks
    55
    Thanked 94 Times in 88 Posts

    Quote Originally Posted by BenderRodriguez View Post
    Way to re-quote him so a mod has to step in twice
    You're welcome! thanks for staying on topic :P

    secret moderator... Please hit that THANKS button over there if I helped you in any single way

  7. #7
    Green Apple
    Join Date
    Aug 2009
    Posts
    40
    Thanks
    1
    Thanked 5 Times in 2 Posts

    I've had every iPhone. I have hundreds of PAID apps that either don't work like advertised or broke after an update or are no longer supported or just never worked. The amount of refunds that I have received for these worthless apps equals exactly $0. Forgive me if I don't share your disdain for piracy.

  8. #8
    Peanut Brain confucious's Avatar
    Join Date
    Oct 2008
    Location
    Woking
    Posts
    10,240
    Thanks
    137
    Thanked 899 Times in 816 Posts

    Nope. I won't forgive you. Piracy is wrong. If they sell something that doesn't work, get a refund.
    He who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.

  9. The Following User Says Thank You to confucious For This Useful Post:

    iPod (07-21-2012)

  10. #9
    iPhone? More like MyPhone Fate1121's Avatar
    Join Date
    Jul 2009
    Posts
    176
    Thanks
    12
    Thanked 56 Times in 40 Posts

    Maybe devs will quit being rip offs with games, charge me an extra few bucks for the game, don't rape me with IAP

  11. #10
    iPhone? More like MyPhone djarkiz's Avatar
    Join Date
    Sep 2009
    Location
    Ontario Canada
    Posts
    138
    Thanks
    0
    Thanked 5 Times in 5 Posts

    Quote Originally Posted by kbcox0327 View Post
    I've had every iPhone. I have hundreds of PAID apps that either don't work like advertised or broke after an update or are no longer supported or just never worked. The amount of refunds that I have received for these worthless apps equals exactly $0. Forgive me if I don't share your disdain for piracy.
    I do agree buddy, I've bought a lot of apps that stopped working or crash and never get properly fixed, I've never got a refund for them or money back on my account, I think things like ********** are great because it lets u PREVIEW games u want 2 buy, I think that's fair, I don't know about this in-App thing but towards piracy I don't think it's wrong to get a preview of the full game before u buy it

  12. #11
    The One and the Only (retired secret moderator) iPod's Avatar
    Join Date
    Aug 2010
    Location
    Planet Earth
    Posts
    2,127
    Thanks
    55
    Thanked 94 Times in 88 Posts

    What do people not get on this forum? Talking about piracy is not tolerated on modmyi! Just because you censor ********** doesn't make it any better.
    Last edited by Simon; 07-21-2012 at 02:34 PM.

    secret moderator... Please hit that THANKS button over there if I helped you in any single way

  13. #12
    Superbad Modder-ator Simon's Avatar
    Join Date
    Nov 2007
    Location
    Bermuda
    Posts
    46,218
    Thanks
    6,587
    Thanked 14,775 Times in 6,871 Posts

    Quote Originally Posted by iPod View Post
    What do people not get on this forum? Talking about piracy is not tolerated on modmyi! Just because you censor ********** doesn't make it any better.
    Actually, the site auto-censors it

  14. #13
    Starbucks Artist mmaboi21's Avatar
    Join Date
    Jan 2011
    Location
    Bakersfield CA.
    Posts
    2,403
    Thanks
    162
    Thanked 207 Times in 160 Posts

    Pirate= scumbag

  15. #14
    The One and the Only (retired secret moderator) iPod's Avatar
    Join Date
    Aug 2010
    Location
    Planet Earth
    Posts
    2,127
    Thanks
    55
    Thanked 94 Times in 88 Posts

    Quote Originally Posted by Simon View Post
    Actually, the site auto-censors it
    Oh haha all this time I've been thinking some wise guys think they can censor it to make it "not as bad" lol

    secret moderator... Please hit that THANKS button over there if I helped you in any single way

  16. #15
    iPhone? More like MyPhone soidroidios's Avatar
    Join Date
    Jun 2012
    Posts
    102
    Thanks
    0
    Thanked 4 Times in 4 Posts

    I'm glad they got that patched. They wouldn't stop hounding me to go get in on their devices. I refused because it was piracy and it probably takes their details. Now I can tell them that the hack has been patched and may no longer be done. Good riddance.

  17. #16
    My iPhone is a Part of Me PoEtikly's Avatar
    Join Date
    Feb 2011
    Location
    Chicago
    Posts
    580
    Thanks
    2
    Thanked 63 Times in 45 Posts

    Quote Originally Posted by iPod View Post
    Oh haha all this time I've been thinking some wise guys think they can censor it to make it "not as bad" lol
    I in no way promote piracy, but if mmi (which is a FORUM) staff posts an article about PIRACY what do you think is going to happen? If mmi doesn't want that result then they should write the article and close the topic to comments. These articles just instigate the subject to be talked about so let's not put a steak in front of a hungry dog and slap him in the face for going after it.

  18. #17
    Starbucks Artist mmaboi21's Avatar
    Join Date
    Jan 2011
    Location
    Bakersfield CA.
    Posts
    2,403
    Thanks
    162
    Thanked 207 Times in 160 Posts

    Quote Originally Posted by PoEtikly View Post
    I in no way promote piracy, but if mmi (which is a FORUM) staff posts an article about PIRACY what do you think is going to happen? If mmi doesn't want that result then they should write the article and close the topic to comments. These articles just instigate the subject to be talked about so let's not put a steak in front of a hungry dog and slap him in the face for going after it.
    That's where self control comes in bro, I like hearing about this kind of stuff because it lets me know what's going on. I want to be able to comment on this type of article without having to worry whether somebody thinks it's promoting piracy. Let people do what they are going to do because it will eventually come back and bite them.

    Side note: I don't condone piracy at all, I think those who do are scumbags because they are really doing more harm than they think.
