Apple has issued a temporary fix for the hack that allows users to download premium content in iOS games and applications for free, but the culprit behind the exploit is now turning his attention to the Mac App Store.
Detailed by Russian hacker Alexey Borodin two weeks ago, the vulnerability affects developers who validated in-app purchases by connecting to the App Store server. Apple attempted to block the service that made the hack possible, but Borodin moved it to another server and has so far processed tens of thousands of illicit downloads.
Apple has offered a fix for affected game makers by publishing a "best practices" guide that outlines how they can patch the vulnerability in their titles using a private API -- one of the few times the company has actually encouraged developers to use a private API.
This fix, though, is a temporary measure that developers will have to implement themselves. Apple says it will not be able to patch this exploit completely until it puts out the next operating system update for its smartphones and tablets, iOS 6, which is expected to be released this fall.
Borodin has conceded defeat, at least when it comes to working around security measures for iOS app purchases: "[The] game is over. Currently we have no way to bypass updated APIs. It's good news for everyone; we have updated security in iOS, developers have their air-money."
However, the hacker unveiled a similar exploit on Friday that circumvents in-app purchase fees on the Mac App Store. Apple has not yet addressed that vulnerability, and Borodin implies that he will have more workarounds ready if the company releases a fix.