Apple deploys quick-fix for in-app purchases hack

But won't be patched properly until iOS6.

Apple has offered iOS developers new tools to help combat a recent exploit which enabled users to download some in-app purchases for free.

The hack allowed users to circumvent the App Store by issuing fake verification receipts, gifting users paid-for content.

App Store developers can now implement previously-private Apple APIs, The Guardian reported, allowing apps to verify all existing purchases and delete any found to have been obtained erroneously.

This fix will have to be implemented in an updated version of the app, however, which users can simply choose not to download.

The exploit will otherwise remain until Apple launches iOS6 later this year.

Hundreds of games have been affected, including Angry Birds, FIFA 12, Temple Run, Plants vs Zombies and Infinity Blade.

Russian hacker Alexey Borodin, mastermind of the exploit, has admitted that Apple's fix will likely shut the hack down. "Game is over. Currently we have no way to bypass updated APIs," he wrote on his blog.

In the meantime, Borodin has already named his next target. He's eyeing up Mac OS X to see if a similar vulnerability can be prised open.

"We are still waiting for Apple's reaction," he concluded. "We have some cards in the hand."

Comments (5)

Comments for this article are now closed, but please feel free to continue chatting on the forum!