Apple has responded to the discovery of a way of circumventing the in-app purchase validation process for iOS by unveiling a fix designed to curb the practice.
The firm has added a series of 'best practices' to its devloper library and released two of its private APIs, which when implemented ensure apps are not vulnerable to the attack.
Playing payments
The exploit, revealed by Russian hacker Alexey V. Borodin, allows users to download in-game content without charge by bypassing the App Store's server.
Receipt validation requests are instead redirected to a proxy server maintained by Borodin.
As a result, The Guardian reports that more than 8.4 million fake in-app purchases have been made to date.
Game over
Apple claims that developers that implement said APIs should know longer be vulnerable to the technique, though the security breach will not be permanently plugged until the launch of iOS 6.
"By examining Apple's statement about in-app purchases in iOS 6, I can say, that currently game is over," said Borodin of Apple's response.
"Currently we have no way to bypass updated APIs. It's a good news for everyone - we have updated security in iOS, developers have their air-money. But, service will still remain operational until iOS 6 comes out."
[source: Apple]
Top Stories
News
10 hours, 54 minutes ago
Week in Views - Squads busted, Apple crushed, War zoned and Snoozin' with the Snorlax…
News
10 hours, 54 minutes ago
Week in Views - Squads busted, Apple crushed, War zoned and Snoozin' with the Snorlax…
Feature
12 hours, 6 minutes ago
Speaker Spotlight: Dubai Future Foundation's Faisal Kazim on leading Dubai's gaming charge
Events
Esports Future Summit | Middle East | Apr 27th |
Dubai GameExpo Summit 2024 | Middle East | May 1st |
The MENA Games Industry Awards 2024 | Middle East | May 2nd |
GameDev Atlantic 2024 | May 4th | |
Mobidictum Meetup Berlin May 2024 | Europe | May 7th |
Mobidictum Meetup Tallinn May 2024 | Europe | May 21st |
Israel Mobile Summit 2024 | Middle East | Jun 6th |
DevGAMM Vilnius 2024 | Europe | Jun 14th |
Popular Stories
News
Apr 23rd, 2024
Supercell’s Squad Busters soft launches today with over 100,000 Google Play downloads
Feature
Apr 24th, 2024