Apple has outlined a way for iOS developers to protect themselves againstthat lets users gain free access to paid add-on content sold within their apps.
In a new support document posted today, the company provided detailed guidelines, urging developers to use its receipt validation system that cross-checks purchases made inside applications with the company's own records. It also said that it will be taking extra precautions to keep this from happening in the next version of iOS, due out later this year.
"We recommend developers follow best practices at developer.apple.com to help ensure they are not vulnerable to fraudulent In-App purchases," Apple spokesperson Tom Neumayr told CNET. "This will also be addressed with iOS 6."
The exploit was created by Russian programmer Alexey Borodin, and appeared late last week. It uses a proxy system to send purchase requests to third-party servers where they are validated and sent back to the application as if the transaction had gone through. In order to use the trick, users needed to install special security certificates on their devices, as well as be on a Wi-Fi network.
The new support document includes details on how to set up protection through Apple's receipt validation system as well instructions for validating transactions that have already been completed. In addition to posting the information on its site, Apple sent out the following e-mail to developers urging them to set up the receipt validation:
It's unclear how many developers were, and continue to be targeted by the exploit. In an interview with The Next Web last week, Borodin said that more than 30,000 in-app purchases were made using the service.
reading•Apple to close in-app purchase hack in iOS 6, offers interim fix
Mar 17•Apple event set for March 27, Microsoft creates new division
Mar 16•Apple event on March 27 to focus on education
Mar 16•Apple imagines a world where you unlock everything with your face
Mar 16•How to listen to TV in a noisy room