In-app purchase hacker sets sights on Mac App Store

The exploit that allowed users to purchase digital goods inside iOS apps without actually paying has jumped platforms and now works on Apple's Mac platform.

The Next Web notes that programmer Alexei Borodin, who created the iOS in-app purchase exploit, now has a similar solution for apps purchased in Apple's Mac App Store. Like the exploit for iOS, this too requires that users install special security certificates on their machines, though it also requires the installation of an extra helper program.

Earlier today Apple said it had a fix coming in the next version of iOS, due out in the next few months, that patches the exploit. In the meantime it offered a solution that requires developers to instate a cross-check for in-app purchases with receipts from its own servers.

The Next Web reports that before this method -- which Apple says will prevent iOS users from getting in-app freebies -- became available, more than 8.4 million free purchases were made. That's up big from the 30,000 that were reported immediately after the exploit became available last week.

CNET has contacted Apple about this newer exploit aimed at the Mac App Store and will update this post when we know more.

As mentioned in previous coverage, both Apple and its developers face a loss of profits if the exploit remains in use from would-be spenders. Developers get 70 percent of the revenue from purchases made inside their apps, while Apple gets the other 30 percent.