Alexey V. Borodin, a computer hacker from Russia, has figured out a way to implement a “man-in-the-middle” exploit in the Apple App Store that allows anyone who uses his technique a way to get free in app purchases.
The exploit, which works mostly on games where you buy a new level, power ups, and the like, allows you to send traffic to Borodin’s web server that is setup to look like an Apple App Store server and then sends your iOS device a bogus acknowledgment that you’ve paid for the said app upgrade.
At the time I’m posting this, the bogus server that Borodin setup is offline. I’m not sure if that is because he was ordered to take it offline or that it is so busy from people trying to exploit the hack, that the server is just too busy to respond.
[Via MacWorld.com…]