Apple takes down the original servers, but the exploit is not yet fixed.



As expected, Apple is working to block the free in-app purchases hack by blocking the IP address of the original servers, but the service remains operational, for now.
Also, the exploit creator speaks...

As you may know, a flaw in Apple's iOS in-app purchasing mechanism allows iDevice owners to download in-game content for free. Despite Apple's initial efforts, the service remains operational at the time of this writing.

It looks like Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases. Apple also issued a takedown request on the original server, taking down third-party authentication with it, and filed a copyright claim on the YouTube video that he used to document the circumvention method.

However, he made changes to get around Apple's block. The hacker said he has processed 30,000 individual "purchases" and has moved his server to a country that's not likely to respond to requests from Apple.

Borodin isn't the first to put out a tool that makes in-app purchases free, but he's been one of the most public. He says that Apple has not contacted him directly about the exploit and that users "should be pleased that I simplified your life." He's started forcing users to log out before using the system "so they don’t scream to the Internet that I am stealing their credentials," though that doesn't rule out the possibility of gathering some information. While not all apps are vulnerable, developers should be aware that right now, it's not all that difficult for users to find out how to use this exploit.

Apple has spoken: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

Keep in mind that this system sends your Apple ID, password and possibly additional data to a server operated by the hacker, who has unrestricted access to all of it. SO, YOU ARE WARNED IF YOU WANT TO TRY THIS! Overall, it isn't recommended.

Still, it is interesting to see that Apple hasn't found a way to fully fix this hack, which has been operational all weekend!

NEWS SOURCE #1: Apple blocking in-app purchase exploit server (via) TheVerge
NEWS SOURCE #2: Apple begins bid to block in-app purchasing flaw but service remains operational for now (via) TheNextWeb

Our thanks to 'Gauss' for this news item!