In-App Hack Makes its Way to Mac App Store

[Phillip Swanson]

The hacker behind the in-app iOS purchase hack has started focusing on bringing the hack to the Mac OS platform. And it works.




The Mac OS hack utilizes a similar work around on the user side involving the installations of specific security certificates on their machines. Unlike the iOS version though the hack requires the installation a helper program. The program is entitled “Grim Receiper.”

Apple is still mum on the Mac OS X exploit, but users and developers should expect a swift response in the same vein as Apple’s post on their developer site detailing the temporary fix for iOS, and addressing the permanent fix coming in iOS 6 (most likely a Mountain Lion update). The use of a program to work around OS X’s app store could prove

Initial reports estimated that some 30,000 free downloads occurred in the first day after the hack became public. The Next Web now claims that before the fix became available iOS users made as many as 8.4 million free purchases. There is no word on whether Apple and developers can or will charge users for purchases made using the hack.

Source: CNET

[Hogs4Life]

mod edit; comments removed.

[iPod]

Piracy is not tolerated on modmyi. Please consider reading Forum Rules

[hank197857]

that guy has skills. maybe apple should give him a job.

[H4CK3R]

that guy has skills. maybe apple should give him a job.

Anyone can find a glitch or hack in the system. We could say the same about the iPhone Dev Team members but look at them, no job from Apple. Exploiting something means nothing to Apple really.

[NakedFaerie]

Instead of Apple doing the smart thing and fix their faults I bet they will try to sue the guy who found it and attack him instead.

They don't like to admit they have any problems. Apple is NO WAY perfect but they love to think so. Typical American company.

[Senyaichiya]

Instead of Apple doing the smart thing and fix their faults I bet they will try to sue the guy who found it and attack him instead.

They don't like to admit they have any problems. Apple is NO WAY perfect but they love to think so. Typical American company.

Typical American company?
That's any company.

[Anonymous]

Instead of Apple doing the smart thing and fix their faults I bet they will try to sue the guy who found it and attack him instead.

They don't like to admit they have any problems. Apple is NO WAY perfect but they love to think so. Typical American company.

No company is perfect. Please point out a company that is.

As for the American part, all companies would like to think they're the best. Confidence is important for business and your argument is stupid and flawed.

[Rob2G]

Instead of Apple doing the smart thing and fix their faults I bet they will try to sue the guy who found it and attack him instead.

They don't like to admit they have any problems. Apple is NO WAY perfect but they love to think so. Typical American company.

Apple did admit the problem. They are letting devs use their servers for in app purchases and said they have a permanent fix in ios 6. Research before you start saying what they will and won't do and starting insulting their business practices.

[CeeDiggity]

This clown is why we have proposals like PIPA and SOPA and the like...wish people would stop feeling so entitled! We don't want the government telling us what we can and can't do yet we have people who feel the need to steal from others...come on now!

I know someone is going to say this isn't the same as people downloading movies and music and t.v. shows, but seriously, when one wants to get something without paying for it, it's all pretty much the same.

[baRRy boRRis]

Anyone can find a glitch or hack in the system. We could say the same about the iPhone Dev Team members but look at them, no job from Apple. Exploiting something means nothing to Apple really.

I swear that 3 or 4 jailbreak devs/jailbreak exploiters now work for Apple...

[dennder]

This clown is why we have proposals like PIPA and SOPA and the like...wish people would stop feeling so entitled! We don't want the government telling us what we can and can't do yet we have people who feel the need to steal from others...come on now!

I know someone is going to say this isn't the same as people downloading movies and music and t.v. shows, but seriously, when one wants to get something without paying for it, it's all pretty much the same.

The one who created the hack is in now way responsible for people who "use it to get free purchases", in other words he is not responsible for those people use the hack to steal. You don't use your legally owned gun to rob banks or kill people, do you? If you would, would the manufacturer held responsible? Of course no.

[raduga]

If you would, would the manufacturer held responsible? Of course no.

....maybe.

If I were the person using the "legally owned tool" for unlegal purposes, I probably wouldn't get much sympathy from a Judge or Jury. But if I were a victim who suffered injury caused by this "legally owned tool" I might also hold the manufacturer responsible, and I might even have had a decent shot at winning.

not since 2005 though
http://www.nytimes.com/2009/03/10/wa...on/10guns.html

[H4CK3R]

I swear that 3 or 4 jailbreak devs/jailbreak exploiters now work for Apple...

Not really. Comex is pretty much the only one, and he's just an intern...

[confucious]

The one who created the hack is in now way responsible for people who "use it to get free purchases", in other words he is not responsible for those people use the hack to steal. You don't use your legally owned gun to rob banks or kill people, do you? If you would, would the manufacturer held responsible? Of course no.

This 'hack' is created with the sole purpose of stealing (wether from just the developers or from those foolish enough to use it remains to be seen). The perpetrator should be bought to justice.

[ellersbee]

Instead of Apple doing the smart thing and fix their faults I bet they will try to sue the guy who found it and attack him instead.

They don't like to admit they have any problems. Apple is NO WAY perfect but they love to think so. Typical American company.

What are you going to say next? Terrorists should fly a plane into HQ in Cupertino, California?
Why are you hating on America? His comment should be removed. This individual is obviously prejudice.

[bigboyz]

Wow..when is this going to stop! Blatant piracy is wrong on all levels. Hackers like this just put a negative spotlight on modding in general as most don't know the difference to begin with. Think about it..this could fuel Apple's anti jailbreak campaign that much more. Then will all be like "what happened to the jailbreak community?" "My iPhone is not nearly as good as it used to be" I think this could be the beginning of something really bad.

[kyphur]

The one who created the hack is in now way responsible for people who "use it to get free purchases", in other words he is not responsible for those people use the hack to steal. You don't use your legally owned gun to rob banks or kill people, do you? If you would, would the manufacturer held responsible? Of course no.

Oh really? How can you even compare this to a legally owned gun?

There is nothing legal about this... FWIW, anyone who is stupid enough to trust a russian criminal (he losses the moniker of hacker when he crossed the legal line) by installing faked security certificates on either thier iDevice of MAC deserves the potential future problems they’they’re inviting into thier system.

With all of the argements over which is mor secure, PC or MAC I'd say this proves it was never about the system, the user is always the weak point in security!

[high dB]

Piracy is not tolerated on modmyi. Please consider reading Forum Rules

Yet they clearly promote piracy on the front page (YouTube2MP3 on the top right of page) and have done for years they even host apps that cost money to illegally download music videos and films

This 'hack' is created with the sole purpose of stealing (wether from just the developers or from those foolish enough to use it remains to be seen). The perpetrator should be bought to justice.

They hired some cydia devs well b4 comex even started goin there

[domenicp]

Apple did admit the problem. They are letting debs use their servers for in app purchases and said they have a permanent fix in ios 6. Research before you start saying what they will and won't do and starting insulting their business practices.

+1