Apple's in-app purchase dialog.
(Credit: Apple)
A new exploit aimed at iOS devices enables users to gain free access to paid content within applications, thereby circumventing built-in security measures.
The hack, which was detailed by a Russian programmer and picked up by 9to5mac this morning (via i-ekb.ru), uses a proxy system to send purchase requests to third-party servers where they are validated, and sent back to the application as if the transaction had gone through. However before that happens, users need to install special security certificates on their device.
The individual behind the effort has already set up a Web site set up for donations to run the proxy servers, which are required to make the trick work.
The loophole goes beyond apps, and covers other types of content that phone home to Apple for verification. That includes Newsstand, the company's digital newspaper service, which typically offers things like newspapers and magazines for free, with in-app purchases to buy subscriptions, or individual issues.
Related stories
- ... [Read more]
No comments:
Post a Comment