In-app purchases flaw exposes developers to costly hacks

By

Developers need to check their in-app purchase code.
Developers need to check their in-app purchase code.
Photo: PhotoAtelier/Flickr

Sloppy coding in some popular iOS games allows hackers to give themselves and others thousands of dollars’ worth of in-app purchases for free.

The hole was discovered by developers at DigiDNA, creator of a backup tool called iMazing that allows iPhone and iPad users to access their devices’ hidden file systems. The developers found that the app backup/restore feature in iMazing 1.3 exposes weaknesses in the way games like Angry Birds 2 and Tetris Free handle in-app purchases.

To demonstrate how easy it is to hack in-app purchases using this method, the DigiDNA team tweaked Angry Birds 2 to start the game with 999,999,999 gems — the equivalent of $10,000 of in-game credits.

Apple Kills Serious iPhone SMS Spoofing Flaw With iOS 6

By

iphone-sms-text-message
Another great reason to install iOS 6.

Back in August, we told you about a serious SMS security flaw with the iPhone that opened the door to text message spoofing. At the time, Apple told users they could protect themselves by using its iMessage service rather that traditional SMS messages, but the Cupertino company appears to have rectified the issue in iOS 6.

iOS 5 Security Flaw Allows Access To Contacts List, Recent Calls & Text Messages Without Passcode

By

Passcode locks are no match for a piece of software called XRY.
Passcode locks are no match for a piece of software called XRY.

Apple’s iOS devices has suffered a number of passcode flaws in recent years, which have allowed anyone to circumvent their security and access features within the device. The company has always been fairly quick to address these issues, but they continue to crop up.

The latest allows anyone with knowledge of the exploit to access your contacts list, your recent calls, your voicemail, your text messages, and more.