Russian hacker's App Store fraud site adds Mac support

[Jack]

Sophos wrote:ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.

Mac owners can now join their iDevice brethren in ripping off developers.

The procedure starts off the same way on OS X as it does on devices running iOS:

• load and trust a fake CA (certificate authority) SSL certificate,
• oad a fake SSL certificate signed by the fake trusted authority,
• change your DNS settings so you'll be redirected to the fake App Store.

There's one more step for OS X users:

• install and use an app called Grim Receiper.

Apple has already publicly admitted that this is a vulnerability, and provided some workarounds for iOS programmers to protect their in-app purchases.



According to Apple, the vulnerability will be addressed in iOS 6, which is expected in October 2012.

But with just days to go until Mountain Lion (OS X 10.8) drops, a proper fix for OS X is going to have to wait for a security update.

Read more: http://nakedsecurity.sophos.com/2012/07/...users-too/