:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/14008658/in-app-purchases_1020.1419971055.jpg)
Apple is apparently blocking the IP address of the server hosting In-Appstore.com, a tool that let users make in-app purchases without paying, but the exploit is far from fixed. Creator Alexey V. Borodin says that although his system is still working, he's had to make changes to get around Apple's block. The company has also ordered YouTube to take down the original video explaining it. The Next Web reports that despite this, Borodin says he's processed 30,000 individual "purchases" and has moved his server to a country that's not likely to respond to requests from Apple.
Borodin isn't the first to put out a tool that makes in-app purchases free, but he's been one of the most public. He says that Apple has not contacted him directly about the exploit and that users "should be pleased that I simplified your life." He's started forcing users to log out before using the system "so they don’t scream to the Internet that I am stealing their credentials," though that doesn't rule out the possibility of gathering some information. While not all apps are vulnerable, developers should be aware that right now, it's not all that difficult for users to find out how to use this exploit.
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/23954510/acastro_STK459_12.jpg)
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/23951393/STK088_VRG_Illo_N_Barclay_2_spotify.jpg)
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/24774110/STK156_Instagram_threads_1.jpg)
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/24940279/lcimg_6ac9fc73_9c43_4883_8823_85920052fa5d.jpeg)