Submitted by Deepesh Agarwal on Sun, 07/22/2012 - 09:11
After finding a way to get Apple iOS in-app purchases for free and making it public, the Russian hacker Alexey Borodin has now targeted Apple Mac OS, allowing users to get paid in-app purchases for free.
This new hack uses a similar DNS man-in-the-middle technique to act as a fake Mac App Store server, letting users get paid content for free. The trick requires users to install two certificates and change DNS records to work with a "Grim Receiper" application. This application uses crowd-sourced, donated receipts from genuine purchases to authenticate anyone's purchase requests (for free).
Apple is working to patch this security hole. For educational purposes, the link to test this security hole is http://91.224.160.136/osx.html.