ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.
Mac owners can now join their iDevice brethren in ripping off developers.
The procedure starts off the same way on OS X as it does on devices running iOS:
- load and trust a fake CA (certificate authority) SSL certificate,
- oad a fake SSL certificate signed by the fake trusted authority,
- change your DNS settings so you'll be redirected to the fake App Store.
There's one more step for OS X users:
- install and use an app called Grim Receiper.
Apple has already publicly admitted that this is a vulnerability, and provided some workarounds for iOS programmers to protect their in-app purchases.
According to Apple, the vulnerability will be addressed in iOS 6, which is expected in October 2012.
But with just days to go until Mountain Lion (OS X 10.8) drops, a proper fix for OS X is going to have to wait for a security update.
Read more: http://nakedsecurity.sophos.com/2012/07/22/russian-hacker-app-store-fraud-embraces-mac-users-too/
