The creator of an exploit that let users purchase digital goods inside of iOS apps without actually paying for them said today that Apple's fix puts the hack out of business.
"Currently we have no way to bypass [the] updated APIs," creator Alexei Borodin wrote in a post on his development blog. "It's a good news for everyone, we have updated security in iOS, developers have their air-money."
Borodin says that the exploit, which requires the use of third-party servers and specially-installed security certificates, will continue to be up and running until Apple releases iOS 6. Last week, Apple said that software -- which is due in the next few months -- will patch the exploit. In the interim, the company provided updated APIs that validate each digital purchase.
"By examining last Apple's statement about in-app purchases in iOS 6, I can say, that currently game is over," Borodin added.
According to an interview with the enterprising programmer last week, the exploit allowed more than 8.4 million purchases of in-app content to be made. With a minimum price of 99 cents per in-app purchase item, that represents a total of $5.82 million developers might have received, with another $2.49 million Apple would have earned based on the App Store's 70/30 revenue split. However that tally could be considerably higher given that purchases within iOS applications can go well beyond the 99 cent minimum.
Despite the temporary security win for Apple on the iOS front, Borodin says a modified version of the hack targeted at Apple's Mac App Store is still up and running. "We [are] still waiting for Apple's reaction," he said in the same post. "We have some cards in the hand."
The exploit remains one of the few high-profile efforts to target Apple's digital storefronts from inside of apps. Separate efforts have targeted individual user accounts, and the copy protection on applications.
0 commentaires:
Post a Comment