“On Friday, we broke the news on some worrying tips we received about an ‘in-app proxy’ hack that allowed even novice users to illegally install paid in-app purchase content for free. In updates to our original story, we noted the hack’s developer, Alexey V. Borodin, said in an interview that Apple’s method of validating receipts for developers would not protect apps from the hack,” Jordan Kahn reports for 9to5Mac. “Apple followed up with a statement that claimed it is investigating the issue. Today, we get an update from The Next Web that further claims Apple began taking action over the weekend: ‘Over the weekend, Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases.'”
“It followed this up with a takedown request on the original server, taking down third-party authentication with it, also issuing a copyright claim on the overview video Borodin used to document the circumvention method. PayPal also got involved, placing a block on the original donation account for violating its terms of service,” Kahn reports. “Unfortunately, the service is reportedly still operational with Borodin apparently moving the server to a location outside of Russia.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “Brawndo Drinker” for the heads up.]
Related article:
Apple iOS in-app purchases hacked; allows users to download anything for free – July 13, 2012