After a Russian hacker discovered a way to get free in-app purchases on the iPhone and the iPad, it moves to the Mac.
Recently a developer named Alexey Borodin modified the Russian hacker’s in-app purchase hack to work with the Mac OS X apps. Similar to the iOS hack, the hack for Mac OS X also follows the DNS hack used in circumventing the iOS in-app purchasing to get in-app purchases, for the Mac, for free.
In the hack’s website, they announced that the hack can be used on OS X and that Macs and can get free in-app purchases similarly to the iOS hack.
Like the iOS in-app purchase hack, the steps for the Mac OS X in-app purchase hack include…
1. installation of CA certificate
2. installation of certificate from the website
3. change of DNS record in Wi-Fi settings
but adds in another step…
4. Run an application that was developed by Alexey Borodin
What the additional step does is to store the in-app purchase receipts on the Mac locally.
Currently, the Mac App Store was introduced a while ago and not as old as the iOS App Store. Not a lot of apps use the in-app purchasing mechanism currently. Even though not a lot of Mac apps use the in-app purchase system, the security hole still worries Mac App development.
As of right now, Apple is working on a way to fix the security hole. Right now, Apple does not link purchases to a customer or device. Recently, Apple has sent out tools to developers to help combat the problem on the iOS platform (two APIs that allows digital receipts to be verified, which were previously private), though there is none for the Mac currently and it is unclear if it will be made available.