Remember the in-app purchase exploit that allowed people to make in-app purchases without paying for them? Well, it looks like Apple has caught wind of the story and is currently investigating the problem. No word on how such an exploit managed to slip past Apple security, but I guess it’s a good thing they’re looking into the problem rather than ignoring it or pretending it isn’t a huge concern. According to reports online, over 30,000 in-app purchases have already been made using the service.
Here’s an explanation from CNET of how the exploit works: “The technology behind the exploit re-routes in-app purchase requests. Instead of going to Apple, or a developer’s secured server, they go to an external server which pretends to be Apple giving it the OK. The setup requires installing two special security certificates on the phone, as well as making purchases when on Wi-Fi with modified DNS settings, meaning it doesn’t just work without some modifications.”
The website that hosted the details on how to enable it has already been given a takedown notice, so I guess that’s the first step. We’ll keep you posted on what happens next.