The cat and mouse game between a Russian hacker and Apple is apparently over. Alexey Borodin, who published online a way for iOS customers to download in-app purchases for free, has accepted defeat. This comes after Apple succeeded in putting an end to the iOS flaw that allowed Borodin to defraud developers out of in-app purchase fees, according to The Next Web.
Just days ago, we reported how Borodin figured out a way for customers to exploit a flaw in Apple’s certification setup to reroute IAP traffic and trick the system into thinking you’ve actually paid for all those gold coins and Smurfberries. Since then, Apple has used the sharing of private APIs to eliminate the issue.
Posting on his In-AppStore blog, Borodin states that there is “no way to bypass updated APIs,” concluding, “the game is over,” versus Apple.
However, the issue has only been resolved on iOS devices using iOS 6, which remains in beta.
As Borodin concludes:
It’s a good (sic) news for everyone, we have updated security in iOS, developers have their air-money. But, service will still remain operational until iOS 6 comes out.
However, Borodin’s equally illegal exploit of the Mac App Store remains, although this too could be closed by Apple with the arrival of OS X Mountain Lion as early as this week.
While not all in-app purchases seem fair, stealing them is not only wrong, it is illegal. Hopefully, Apple will close the rest of Borodin’s exploits soon.
Source: The Next Web