subscribe: Posts | Comments | Email

Apple says in-app purchase exploit will end in iOS 6

Apple says in-app purchase exploit will end in iOS 6

Apple is facing a lot of problems these days! For one they have had trouble with law suits against Samsung, and then the recent in-app purchasing exploits caused a lot of trouble for them. Apple has now started healing these wounds, they have sent email to all the developers about the exploit and how they can implement a temporary fix. They have also started up a special support page for the developers and give answers on the problems being faced by them. Apart from that, the email has informed developers that everything will be solved with the release of the iOS 6 and that would be a permanent fix on the issue.

9to5Mac has shared an excerpt from the Apple support page that says basically tells that a exploit had been discovered in the iOS 5.1 that enables users to make in-app purchases for free. The attacker can alter the DNS table and divert the purchase requests to a server controlled by the attacker. By using a certificate authority controlled by the attacker and installed on devices, the attacker can issue a SSL certificate that identifies the attacker’s identity as the App store server. The attacker’s server then validates all in valid receipts and responds to them as if they were Valid.

The support forum can be found over here and Apple has a serrate Q&A section for the three most commonly asked questions like; “My app performs validation by connecting to my own server. How am I affected?” “My app performs validation by connecting to the App Store server directly. How am I affected?” and “How can I validate transactions that have already completed?”

We just hope things turn out to be all the better for Apple, do give us your thoughts on the issue! Do you feel developers are safe?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>