The hacker who published instructions for bypassing Apple’s iOS authentication services in order to get free in-app purchases has now published details of a hack that makes it possible to get free in-app purchases on the Mac App Store.
The four-step process is outlined on Forbes and includes:
- Installing a CA certificate
- Installing an in-appstore.com certificate
- Changing DNS record in the WiFi settings
- Running the Grim Receiper application
It’s a similar hack to the iOS version, the main difference being the Grim Receiper tool that enables users to store the purchase receipts on their Mac.
Both hacks are made possible because Apple doesn’t link purchases to a customer or device, so a single purchased receipt can be used repeatedly. For now Apple has published some guidelines for developers wishing to protect themselves from the hack. The company says it will address the vulnerability with iOS 6, due out this autumn.
Forbes goes on to point out that any Mac user trying to take advantage of the hack is “sending your Apple ID and password to a third party.”
The App Store hack that lets iOS users trick the App Store into giving them in-app purchases for free went public almost two weeks ago. Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps, including installing bogus certificates on your device and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they’re communicating with the App Store, when they’re actually going to a Web server that pretends to be the App Store instead. Borodin told Macworld that his exploit works in part by faking – or “spoofing” – the code receipts that Apple issues for in-app purchases which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
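The receipt-reuse weakness described above can be countered on a developer's own server by binding each receipt to the first account that redeems it. The sketch below is an added example, not code from the article, from Apple's guidelines or from any of the tools mentioned; the `ReceiptLedger` class, the `transaction_id` and `product_id` field names and the sample values are assumptions, and it presumes the receipt's authenticity has already been checked separately.

```python
import hashlib
import json


class ReceiptLedger:
    """Remembers which account first redeemed each receipt (hypothetical helper)."""

    def __init__(self):
        self._owner_by_receipt = {}  # receipt fingerprint -> account id

    @staticmethod
    def fingerprint(receipt):
        # Canonical JSON: the same receipt hashes identically whatever the key order.
        canonical = json.dumps(receipt, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def redeem(self, account_id, receipt):
        """Return 'granted', 'restored', 'rejected' or 'malformed'."""
        if not isinstance(receipt, dict) or not receipt.get("transaction_id"):
            return "malformed"
        fp = self.fingerprint(receipt)
        owner = self._owner_by_receipt.get(fp)
        if owner is None:
            self._owner_by_receipt[fp] = account_id  # first use binds the receipt
            return "granted"
        if owner == account_id:
            return "restored"  # same customer re-submitting their own purchase
        return "rejected"      # identical receipt presented by a different account


def replay_demo():
    # Constructed sample data, not real receipts.
    receipt = {"transaction_id": "TXN-0001", "product_id": "com.example.coins100"}
    reordered = {"product_id": "com.example.coins100", "transaction_id": "TXN-0001"}
    ledger = ReceiptLedger()
    return [
        ledger.redeem("alice", receipt),    # first redemption
        ledger.redeem("alice", reordered),  # same receipt, same account
        ledger.redeem("bob", receipt),      # same receipt, different account
        ledger.redeem("bob", {"product_id": "com.example.coins100"}),  # no id
    ]


if __name__ == "__main__":
    print(replay_demo())
```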