Within hours of Apple opening the Mac App Store, reports surfaced of software 'pirates' having figured out how to install and run unauthorized paid apps by copying the receipt files from a free app.
Apple has battled piracy for years on the iOS App Store, trying to stay one step ahead of hackers. With the opening of the Mac App Store on Thursday morning, Apple has yet another digital storefront to protect.
On the day of the store's launch, reports emerged that a simple cut-and-paste workaround had been discovered that illegally 'cracks' some paid apps. Crackers apparently found that replacing the receipt and signature files in some paid app packages, which can be downloaded from third-party sites, with the receipt from a free app allows the app to run in some cases.
According to John Gruber of Daring Fireball, the vulnerability exists only in apps that don't follow Apple's app validation advice. For example, some apps check only for a valid receipt, without checking whether the receipt matches the app's bundle ID.
Beyond the simple file replacement crack, some hackers claim to have cracked Apple's security for the Mac App Store, according to Gizmodo. In late December, one hacker known as Dissident announced that the crack, named KickBack, would not be released "until well after the store's been established" in an effort to 'protect' developers. "When we feel that [the Mac App Store] has a lot of crap in it, we'll probably release Kickback," said Dissident.
Though developers reported support for Mac App Store receipts in early builds of Mac OS X 10.6.6, there's no evidence that the Mac App Store was broadly or externally tested by Apple.
Some early adopters reported being unable to download and install apps Thursday shortly after the Mac App Store went live. A number of users have also complained about the quality of the apps available on the store, with one user going so far as to start a parody site that criticizes apps with awkward user interfaces.
Information retrieved from: http://www.appleinsider.com
(C) 2011 AppleInsider Staff
No comments:
Post a Comment