| Cult of Mac

In-app purchases flaw exposes developers to costly hacks

Business is booming for the App Store.
Photo: PhotoAtelier/Flickr

Sloppy coding in some popular iOS games allows hackers to give themselves and others thousands of dollars’ worth of in-app purchases for free.

The hole was discovered by developers at DigiDNA, creator of a backup tool called iMazing that allows iPhone and iPad users to access their devices’ hidden file systems. The developers found that the app backup/restore feature in iMazing 1.3 exposes weaknesses in the way games like Angry Birds 2 and Tetris Free handle in-app purchases.

To demonstrate how easy it is to hack in-app purchases using this method, the DigiDNA team tweaked Angry Birds 2 to start the game with 999,999,999 gems — the equivalent of $10,000 of in-game credits.

FAQ: Everything you need to know about the XcodeGhost App Store hack

Steve Jobs' old mantra about "It's better to be a pirate than join the navy" probably wasn't on Apple's application form.
Photo: George Hodan/Public Domain Pictures

If you’re as confused as we were when we first heard about the major App Store hack over the weekend, we’re here to help.

Here’s a compilation of everything we know about the XcodeGhost story, and we’ll be updating it as more develops.

XcodeGhost hack: Delete these infected iOS apps immediately

The App Store just experienced its worst security breach ever.
Photo: Apple

The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.

The huge security lapse made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.

Apple has pulled infected apps off the store to stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the infected apps are used mainly in China; however, some big-name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.

Here’s a full list of infected apps:

Angry Birds 2 flings its way onto the App Store

The thirteenth Angry Birds game is here.
Photo: Rovio

Rovio has churned out more sequels to its Angry Birds franchise than any developer on the planet. They even have sequels to the sequels (we see you, Angry Birds Star Wars II), but six years after the original was released, Angry Birds 2 is finally here.

The thirteenth title in the Angry Birds franchise is packed with new puzzling towers to topple, missile birds, and boss piggies. There’s also a new feature that lets you challenge your friends over Facebook to see who’s the true master at flinging birds.

Check out the first gameplay teaser:

Angry Birds 2 flings itself onto your screens July 30

They're back, bigger and angrier than ever.
Photo: Rovio Entertainment

The disgruntled avians are headed your way yet again in a new game, cleverly titled Angry Birds 2, according to a fairly vague website and trailer from Finnish developer Rovio.

Details are scant, but here’s hoping we see more of the compelling gameplay of the first title in the series — and way less of the karting and endless running of recent releases.