Thread: Apple's New APIs Prevent In-App Hack

  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    3,901
    Thanks
    3
    Thanked 122 Times in 107 Posts

    Apple's New APIs Prevent In-App Hack


    Alexey Borodin, the Russian hacker responsible for discovering a system that circumvents in-app purchases, recently confirmed that Apple’s newly-instituted receipt validation system is in fact effective. In a new blog post titled “It’s all over… for now” on his website, Borodin said that there is no way to bypass the new APIs Apple rolled out late last week as a quick fix for the revenue-stealing exploit which was made public earlier.

    The exploit, which validated fraudulent purchases by routing them through a specialized DNS server that spoofed digital receipts, was discovered first for the iOS platform and more recently for Mac apps. Apple responded by blocking the IP addresses associated with Borodin’s workaround and attempted to shut down the DNS servers hosting the receipt validations.

    Apple announced a temporary solution to developers allowing them to plug the hole days later and announced that a permanent fix would be present in the upcoming iOS 6 mobile operating system. Borodin posted the following on his blog:

    Hello everyone.

    By examining last apple's statement about in-app purchases in iOS 6, I can say, that currently game is over. Currently we have no way to bypass updated APIs. It's a good news for everyone, we have updated security in iOS, developers have their air-money.
    But, service will still remain operational until iOS 6 comes out.

    The another thing is for in-appstore for OS X. We still waiting for apple's reaction and we have some cards in the hand. It's good that OS X is open.

    Apple’s solution leverages receipts which carry a “unique identifier” to validate in-app purchases. The previous system just generated generic receipts with no specific user data attached, therefore allowing for easy spoofed validations. As of right now, it isn’t clear what type of unique identifier is being used, although some are speculating that it could be a proprietary system based on UDID data.

    It isn’t much of a surprise to see such a big issue being responded to so quickly, especially given the sheer number of those affected by a loss in revenue due to the exploit. That being said, many do wonder if this will turn into another cat-and-mouse game, although this is definitely one Apple will stay on top of with utmost importance.

    Source: Alexey Borodin (blog)

    Twitter: @AkshayMasand
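
The article's contrast between generic receipts and receipts carrying a unique identifier, modelled as an added example (not code from the article, Borodin or Apple). An HMAC stands in for the store's signature, and `issue_receipt`, `validate` and the `unique_id` field are assumed names, since the article says the real identifier type is not known.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the store's signing key (assumption for this model).
STORE_KEY = b"constructed-demo-key"


def _sign(payload: dict) -> str:
    """Model of the store's signature over the receipt payload."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(STORE_KEY, body, hashlib.sha256).hexdigest()


def issue_receipt(product_id: str, unique_id: Optional[str] = None) -> dict:
    """Store side. unique_id=None models the old generic receipt."""
    payload = {"product_id": product_id}
    if unique_id is not None:
        payload["unique_id"] = unique_id
    return {"payload": payload, "sig": _sign(payload)}


def validate(receipt: dict, product_id: str, unique_id: str,
             require_binding: bool) -> str:
    """Validator side. With require_binding=False only authenticity and the
    product are checked, so one receipt is valid for every install."""
    payload = receipt.get("payload", {})
    if not hmac.compare_digest(_sign(payload), str(receipt.get("sig", ""))):
        return "rejected: bad signature"
    if payload.get("product_id") != product_id:
        return "rejected: wrong product"
    if require_binding and payload.get("unique_id") != unique_id:
        # Covers both a receipt issued to someone else and an old generic
        # receipt that carries no identifier at all.
        return "rejected: receipt not issued to this identifier"
    return "accepted"


if __name__ == "__main__":
    generic = issue_receipt("coins_100")                      # old style
    bound = issue_receipt("coins_100", unique_id="install-A")  # new style
    for label, r in (("generic", generic), ("bound", bound)):
        for who in ("install-A", "install-B"):
            print(label, who, validate(r, "coins_100", who, require_binding=True))
```
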

  2. #2
    Livin the iPhone Life
    Join Date
    Jul 2010
    Posts
    1,088
    Thanks
    46
    Thanked 35 Times in 29 Posts

    Vodka bears!

  3. #3
    What's Jailbreak?
    Join Date
    Jul 2007
    Posts
    15
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Another workaround! No need for in-app purchases
    Mod edit: comment removed
    Last edited by i.Annie; 07-23-2012 at 07:44 PM.

  4. #4
    iPhone? More like MyPhone
    Join Date
    Mar 2008
    Posts
    228
    Thanks
    15
    Thanked 34 Times in 13 Posts

    mod edit, comment removed.
    Last edited by blkcadi; 07-23-2012 at 05:40 PM.

  5. #5
    Green Apple
    Join Date
    Jan 2012
    Posts
    32
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by romeoz View Post
    it not like this is new news....
    Read the forum Rules.
    Last edited by blkcadi; 07-23-2012 at 05:41 PM.

  6. #6
    What's Jailbreak?
    Join Date
    Jul 2012
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Good thing this is over.

    Mod edit: Unnecessary comment removed.
    Last edited by i.Annie; 07-23-2012 at 07:44 PM.

  7. #7
    My iPhone is a Part of Me mustard05's Avatar
    Join Date
    Jul 2010
    Posts
    603
    Thanks
    11
    Thanked 21 Times in 16 Posts

    HAHA, I feel like I should make a comment that should be edited or modified by the admin. I mean, every other comment has been edited. LOL

  8. #8
    iPhone? More like MyPhone Agent929's Avatar
    Join Date
    Oct 2011
    Location
    USA
    Posts
    271
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by mustard05 View Post
    HAHA, I feel like I should make a comment that should be edited or modified by the admin. I mean, every other comment has been edited. LOL
    Wow way to ruin the article with all the edits lol
    War is my mission. Killing is my ambition.

  9. #9
    My iPhone is a Part of Me mustard05's Avatar
    Join Date
    Jul 2010
    Posts
    603
    Thanks
    11
    Thanked 21 Times in 16 Posts

    Quote Originally Posted by Agent929 View Post
    Wow way to ruin the article with all the edits lol
    Just goes to show you, they (admin) can say whatever they like, but us little people will be edited or modified. Haha

  10. #10
    iPhone? More like MyPhone Agent929's Avatar
    Join Date
    Oct 2011
    Location
    USA
    Posts
    271
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by mustard05 View Post
    Just goes to show you, they(admin) can say whatever they like, but us little people will be edited or modified. Haha
    So true lol
    War is my mission. Killing is my ambition.

  11. #11
    What's Jailbreak?
    Join Date
    Jul 2012
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts

    I said good thing it's over but there is a way to get free iaps

  12. #12
    My iPhone is a Part of Me mustard05's Avatar
    Join Date
    Jul 2010
    Posts
    603
    Thanks
    11
    Thanked 21 Times in 16 Posts

    Quote Originally Posted by xXR3H@NXx. View Post
    I said good thing it's over but there is a way to get free iaps
    That's it? Seriously?

  13. #13
    iPhone? More like MyPhone
    Join Date
    Mar 2008
    Posts
    228
    Thanks
    15
    Thanked 34 Times in 13 Posts

    I just said this is nothing new....
    Last edited by blkcadi; 07-23-2012 at 09:48 PM.

  14. #14
    iPhoneaholic MXCO's Avatar
    Join Date
    Sep 2010
    Location
    Seattle
    Posts
    418
    Thanks
    8
    Thanked 34 Times in 30 Posts

    Quote Originally Posted by romeoz View Post
    I just said this is nothing new.........this site is starting to become a joke...
    +1
    Last edited by blkcadi; 07-23-2012 at 09:50 PM.
    "You may say I'm a dreamer, but I'm not"

  15. #15
    My iPhone is a Part of Me mustard05's Avatar
    Join Date
    Jul 2010
    Posts
    603
    Thanks
    11
    Thanked 21 Times in 16 Posts

    Quote Originally Posted by romeoz View Post
    I just said this is nothing new.........this site is starting to become a joke...
    I had a post removed earlier this evening on a different post by the Mods. Oh well…. Just laugh and move on. They obviously are having issues.
    Last edited by blkcadi; 07-23-2012 at 09:47 PM.

  16. #16
    Green Apple
    Join Date
    May 2008
    Posts
    92
    Thanks
    11
    Thanked 8 Times in 7 Posts

    Got what I wanted days ago, so did millions. Suck on that Apple!

  17. #17
    My iPhone is a Part of Me mustard05's Avatar
    Join Date
    Jul 2010
    Posts
    603
    Thanks
    11
    Thanked 21 Times in 16 Posts

    Quote Originally Posted by Hogs4Life View Post
    Got what I wanted days ago, so did millions. Suck on that Apple!
    Why are u here then?? Seriously.

  18. #18
    Green Apple
    Join Date
    Dec 2007
    Posts
    48
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by mustard05 View Post
    Why are u here then?? Seriously.
    We are here to get the latest news. I actually didn't know about the in-app purchase hack until I saw it on here and then Google found it for me

  19. #19
    iPhone? More like MyPhone kyphur's Avatar
    Join Date
    Feb 2011
    Posts
    117
    Thanks
    0
    Thanked 10 Times in 5 Posts

    Quick question for anyone who actually used the Russian Hack:

    Is a few free in-app purchases really worth the risk of allowing a hacker access to your iDevice? Seriously, once shut down those "purchases" won't stick as they're not recorded in Apple's system.

  20. #20
    What's Jailbreak?
    Join Date
    Jul 2012
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by mustard05 View Post
    That's it? Seriously?
    Yup and it's safe but not all games work but most games and it's a Cydia tweak. You wanna know?
