Apple to close in-app purchase hack in iOS 6, offers interim fix

Apple has laid out a new support document that tells developers how to protect their apps from a hack that made in-app purchases free. The company also said the vulnerability will be patched in iOS 6.


Apple has outlined a way for iOS developers to protect themselves against an exploit that lets users gain free access to paid add-on content sold within their apps.

In a new support document posted today, the company provided detailed guidelines, urging developers to use its receipt validation system that cross-checks purchases made inside applications with the company's own records. It also said that it will be taking extra precautions to keep this from happening in the next version of iOS, due out later this year.

"We recommend developers follow best practices at developer.apple.com to help ensure they are not vulnerable to fraudulent In-App purchases," Apple spokesperson Tom Neumayr told CNET. "This will also be addressed with iOS 6."

The exploit was created by Russian programmer Alexey Borodin, and appeared late last week. It uses a proxy system to send purchase requests to third-party servers where they are validated and sent back to the application as if the transaction had gone through. In order to use the trick, users needed to install special security certificates on their devices, as well as be on a Wi-Fi network.

The new support document includes details on how to set up protection through Apple's receipt validation system, as well as instructions for validating transactions that have already been completed. In addition to posting the information on its site, Apple sent out the following e-mail to developers urging them to set up the receipt validation:


Message sent to Apple developers on Friday.

It's unclear how many developers were, and continue to be, targeted by the exploit. In an interview with The Next Web last week, Borodin said that more than 30,000 in-app purchases were made using the service.

 
