After iOS, the Russian hacker also targeted the Mac App Store

25. 7. 2012

Although Apple has closed the gap that Alexei Borodin found in shopping within iOS applications, which bypassed using a hack, and downloaded paid add-ons for free, but now he has to deal with another problem – a Russian hacker has also "broken into" the Mac App Store.

Borodin uses a very similar method as in iOS, where he tricked Apple's servers and allowed users to download so-called "in-app purchases" in applications for free. However, Cupertino already managed to react to the hole in iOS by banning several IP addresses, dropping guest servers and increasing protection in the mobile operating system.

That's why Borodin has now turned to computers and offers the same option on Mac as well - free download of paid content from applications from the Mac App Store. Service In-Appstore for OS X it's basically the same as the one Borodin used on iOS, but slightly different.

On your Mac, you first need to install two certificates and then point your DNS to Borodin's server. It acts as the Mac App Store and verifies transactions. At the same time, the application must be running on your computer Grim Receiper, which makes the whole process easier. Then it is no longer difficult to download paid content for free. According to Borodin, his method has already reached less than 8,5 million transactions, although it is not certain whether the Mac App Store is included in this number.

A small consolation may be that in-app purchases are much less widespread on Mac than on iOS, but even so, Apple will certainly take action against the Russian hacker. iOS has already given developers the ability to encrypt and authenticate digital payments with Apple by releasing two previously private APIs to the public. It is not yet clear whether Apple can do something similar with the Mac App Store, however, we can expect certain steps from its side in the near future.

Source: TheNextWeb.com

Topics: hacker, appstore, Počítač, App Store, Mac, app, iOS, user, Application, Apple Lossless Audio CODEC (ALAC),

Discussion of the article

Petr

25. 7. 2012 10:47

And the boy still thinks that Apple will hire him? I would let him pay for the 8,5 million transactions. Not to Apple, but to developers…

Jakub Valníček

25. 7. 2012 12:01

Either he will be employed by Kaspersky Lab or they will close him down :D

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

Source: TheNextWeb.com

Related