A bug was recently discovered in the App Store purchasing system which allows users to make free in app purchases. This discovery instantly went viral on the internet. Since both the iOS and Mac App stores are relatively similar, there exists a big possibility that this bug would be compatible with the latter as well. It sure is!
The bug was discovered by Alexey Borodin who is a Russian coder. He then went on to create a hack that allows users to initiate free in app purchases. The process is relatively simple. The user downloads third party certificates on the device. These certificates point the device to Borodin’s servers who pretend to be Mac App Store. Fake validation receipts are then issued which allow in app purchases while costing not a single dime at all.
The process is similar on Mac OS as well. Users have to downloaded certificates and then alter DNS information so that Borodin’s servers are accessed. Only on Mac are users required to run a standalone program named Grim Receiper to complete free in app purchase process. Here as well fake validation tickets do all the magic.
Alexey Borodin says that he is able to view Apple ID and their passwords of whosoever uses this hack. He claims that credit card information is not visible. Over 8,460,017 free in app purchases have already been made through this hack and more will continue to be made until Apple releases a fix. The permanent fix can only come in form of a software update.