Apple has responded to the discovery of a way of circumventing the in-app purchase validation process for iOS by unveiling a fix designed to curb the practice.
The firm has added a series of 'best practices' to its devloper library and released two of its private APIs, which when implemented ensure apps are not vulnerable to the attack.
Playing payments
The exploit, revealed by Russian hacker Alexey V. Borodin, allows users to download in-game content without charge by bypassing the App Store's server.
Receipt validation requests are instead redirected to a proxy server maintained by Borodin.
As a result, The Guardian reports that more than 8.4 million fake in-app purchases have been made to date.
Game over
Apple claims that developers that implement said APIs should know longer be vulnerable to the technique, though the security breach will not be permanently plugged until the launch of iOS 6.
"By examining Apple's statement about in-app purchases in iOS 6, I can say, that currently game is over," said Borodin of Apple's response.
"Currently we have no way to bypass updated APIs. It's a good news for everyone - we have updated security in iOS, developers have their air-money. But, service will still remain operational until iOS 6 comes out."
[source: Apple]
Top Stories
News
4 hours, 21 minutes ago
App Store developers can start nominating their games for featuring later this year
News
5 hours, 36 minutes ago
Apple joins generative AI revolution with Apple Intelligence and ChatGPT support
News
10 hours, 34 minutes ago
Royal Match takes a sweet lead over Candy Crush as Honkai: Star Rail zooms by Genshin Impact
News
12 hours, 36 minutes ago
Devsisters’ Chris O’Kelly talks upselling IP to fans across multiple games without cannibalization
News
12 hours, 36 minutes ago
Devsisters’ Chris O’Kelly talks upselling IP to fans across multiple games without cannibalization
Feature
Jun 10th, 2024
Hot Five: Squad Busters’ supercharged launch, Pokémon’s record revenue, and Star Wars: Hunters finally hits the target
Events
Tribeca Games Festival 2024 | North America | Jun 5th |
Steam Next Fest: June 2024 Edition | Jun 10th | |
WN Conference Istanbul 2024 | Jun 11th | |
GamesForum Hamburg 2024 | Europe | Jun 11th |
ESI London 2024 | Europe | Jun 13th |
Game Con Canada (GCC) 2024 | North America | Jun 14th |
Indie Dev Play 2024 | Europe | Jun 14th |
DevGAMM Vilnius 2024 | Europe | Jun 14th |