Following an exploit allowing users to steal in-app purchases on the iOS App Store, the Russian hacker responsible for the exploit, ever committed to ripping off developers, has now offered a workaround for the Mac App Store as well.
TheNextWeb reports:
Borodin notes […] that he has more in store with his OS X-focused platform: “The another thing is for In-Appstore for OS X. We still waiting for apple’s reaction and we have some cards in the hand. It’s good that OS X is open.”
As we noted, Borodin’s OS X technique is similar to the iOS in-app purchasing flaw and works by bypassing the simple receipt system that Apple has in place for developers. Last week, it had reached 8,460,017 free purchase transactions, according to stats provided by the hacker.
The report also notes that, the hacker has given up on attempting to exploit in app purchases on future versions of iOS, as Apple has fixed the issue in iOS 6, and there is “no way to bypass updated APIs.” Apple also recently shared a fix that developers can use to secure in-app purchases within their apps immediately, before iOS 6 is released.
It’s possible that Apple may also have patched the in-app purchasing exploit in OS X Mountain Lion, although that is yet to be determined.
I find it particularly baffling that people such as this Russian hacker remain determined to steal from developers (and likewise, steal from all of us). Developers work hard, and they deserve to be paid for their efforts.