exploit

Microsoft implements BlueHat prize tech

LAS VEGAS -- A year ago this week, Microsoft announced a startup-style contest with serious reward money called BlueHat to get security researchers to apply their expertise to innovative defenses. Today, the company revealed that the efforts of one of the three BlueHat finalists would be incorporated into its Enhanced Mitigation Experience Toolkit.

Mike Reavey, the senior director of Microsoft's Security Response Center, explained that the BlueHat contest process was a big win for Microsoft. "In less than a year, we were able to solicit for ideas, receive them, implement them, and get them to customers," …

App Store hacker says the 'game is over'

The creator of an exploit that let users purchase digital goods inside of iOS apps without actually paying for them said today that Apple's fix puts the hack out of business.

"Currently we have no way to bypass [the] updated APIs," creator Alexei Borodin wrote in a post on his development blog. "It's a good news for everyone, we have updated security in iOS, developers have their air-money."

Borodin says that the exploit, which requires the use of third-party servers and specially-installed security certificates, will continue to be up and running until Apple releases …

In-app purchase hacker sets sights on Mac App Store

The exploit that allowed users to purchase digital goods inside iOS apps without actually paying has jumped platforms and now works on Apple's Mac platform.

The Next Web notes that programmer Alexei Borodin, who created the iOS in-app purchase exploit, now has a similar solution for apps purchased in Apple's Mac App Store. Like the exploit for iOS, this too requires that users install special security certificates on their machines, though it also requires the installation of an extra helper program.

Earlier today Apple said it had a fix coming in the next version of iOS, due out …

Apple fights back at in-app freebie exploit

Apple is not too pleased with Russian hacker Alexey V. Borodin, and a hack he developed that allows iDevice owners to install in-app goods without paying for them.

According to The Next Web, Apple over the weekend blocked the IP addresses of the server Borodin used to facilitate the hack. In addition, the company issued a takedown request to his server's hosting provider. Apple even requested that the video Borodin posted showing his technique in action be removed from YouTube due to a copyright violation.

Borodin last week surfaced with an exploit that re-routes in-app purchase requests away from Apple or a developer's secured server …

New iOS hack yields in-app freebies

A new exploit aimed at iOS devices enables users to gain free access to paid content within applications, thereby circumventing built-in security measures.

The hack, which was detailed by a Russian programmer and picked up by 9to5mac this morning (via i-ekb.ru), uses a proxy system to send purchase requests to third-party servers where they are validated and sent back to the application as if the transaction had gone through. Before that happens, however, users need to install special security certificates on their device and be on a Wi-Fi network.

The individual behind the effort has already created …

Kaspersky to cut phisher lines before they hook you

SAN FRANCISCO--Ever click a link to a Web site and discover that while it looks like your banking site, or Facebook, the URL didn't match your expectations? That's called phishing. Kaspersky revealed a new feature at a reviewer's conference here yesterday that the company says can stop such credential-stealing attacks before you get hooked.

Automatic Exploit Prevention, as the feature is called, is expected in the Kaspersky 2013 security suites due in August. The premise behind it is simple: Phishing attacks are on the rise, due in large part to the plummeting cost of entry to the …

How Facebook fights child porn

It's hard not to be affected by an article titled "Kids Raped, Sodomized on Facebook Pages," the first of a four-part WND series about child porn and Facebook.

The article alleges that the blog "located dozens of child porn images after 'friending' many likely pedophiles and predators who trade thousands of pornographic photos on the social network."

Unlike legal "adult pornography," child porn depicts sexual exploitation of children, in some cases very young children. Child porn is illegal in the United States and many other countries. Anyone who knowingly produces, transmits, stores, or …

Skype exploit reveals user IP addresses

A simple Skype exploit can reveal IP addresses -- remote and local -- of any user.

A blog post by skype-open-source runs through the process of obtaining a user's IP address. Essentially, all a person has to do is start the process of adding a contact with a specific user name. Instead of sending a contact confirmation, the person can click on the information card to obtain the IP address of that particular user.

The process only works if the other user is online. The only method of protecting against this is to log off of Skype when you'…

Jailbroken iPad 2, iPhone 4S running iOS 5.0.1

The fight to jailbreak Apple's A5-chip-powered devices, specifically the iPhone 4S and the iPad, is nearing its end. Hacker "pod2g" and his crew of iOS exploit seekers have released photos and videos of a jailbroken iPhone 4S and a jailbroken iPad 2, both running iOS 5.0.1.

The most compelling proof that an A5 jailbreak is close comes in the form of a video from pod2g and the Chronic Dev Team (via iDownloadBlog). The jailbreak, performed on the iPhone 4S, is completely untethered and seems to be working great.

Backing up the show of the iPhone …

New zero-day vulnerabilities found in Adobe Flash Player

When it comes to malware exploits, Adobe's Flash and PDF software can't seem to catch a break recently.

Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe's Flash Player, which likewise could result in arbitrary code being executed on the system.

Computerworld is reporting that the …