Last week, we reported a hack on Apple devices from iOS 3.0 to 6.0 by Russian developer Alexey V. Borodin. This hacking method allowed users to easily obtain in-app content for free by using a proxy called in-appstore.com. Just as Apple has announced a temporary solution for developers, Borodin launched a new hacking method on Mac OS X.
Using a similar circumvention method, Borodin introduced his new hack for Mac users. After installing the CA and in-appstore.com certificates, the user directs their computer to Borodin’s server and tricks it into thinking it is the Mac App Store. This proxy validates the false purchase.
In addition, the user needs to install a companion app named “Grim Reciper” for the illegal method to work on Mac OS X. Its purpose is to store receipts for reuse. The vulnerability lies in the fact that Apple does not match a particular receipt to a purchase, so a purchased receipt can be reused. Apple’s receipt system is effectively bypassed with Borodin’s system.
Millions of users have already taken advantage of this loophole in the in-app purchasing process. Borodin has stated that about 8.46 million false transactions have been made using his method. This indicates significant loss in revenue for app developers and Apple.
While Apple’s permanent fix for its mobile devices will only arrive in the latest iOS, they might be able to incorporate a solution in the OS X 10.8 Mountain Lion scheduled to be launched later this month.