In-app purchase hacker sets sights on Mac App Store

The exploit that let users get paid digital goods inside of apps without actually paying has jumped over to Apple's Mac platform.

Josh Lowensohn
Josh Lowensohn Former Senior Writer
Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.

The exploit that allowed users to purchase digital goods inside iOS apps without actually paying has jumped platforms and now works on Apple's Mac platform.

The Next Web notes that programmer Alexei Borodin, who created the iOS in-app purchase exploit, now has a similar solution for apps purchased in Apple's Mac App Store. Like the exploit for iOS, this too requires that users install special security certificates on their machines, though it also requires the installation of an extra helper program.

The hacked in-app purchase dialog (click to enlarge). In-AppStore.com

Earlier today Apple said it had a fix coming in the next version of iOS, due out in the next few months, that patches the exploit. In the meantime it offered a solution that requires developers to instate a cross-check for in-app purchases with receipts from its own servers.

The Next Web reports that before this method -- which Apple says will prevent iOS users from getting in-app freebies -- became available, more than 8.4 million free purchases were made. That's up big from the 30,000 that were reported immediately after the exploit became available last week.

CNET has contacted Apple about this newer exploit aimed at the Mac App Store and will update this post when we know more.

As mentioned in previous coverage, both Apple and its developers face a loss of profits if the exploit remains in use from would-be spenders. Developers get 70 percent of the revenue from purchases made inside their apps, while Apple gets the other 30 percent.