It’s just Day 1, and within 9 hours of launch the security of Apple’s Mac App Store has already been cracked. Reports have surfaced of software ‘pirates’ having figured out how to install and run unauthorized paid apps by copying the receipt files from a free app.
According to John Gruber of Daring Fireball, the vulnerability exists only in apps that don’t follow Apple’s app validation advice. For example, some apps check only for a valid receipt, without checking whether the receipt matches the app’s bundle ID.
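A simplified model of that validation gap, added here as an illustration and not code from Apple or from any app: it contrasts a check that accepts any genuine receipt with one that also binds the receipt to the app's own bundle ID. The HMAC signature stands in for Apple's real receipt signature, and the key, bundle IDs and function names are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the store's signing key. Real receipts carry an
# Apple signature; HMAC is used here only to keep the model small.
STORE_KEY = b"constructed-demo-key"


def issue_receipt(bundle_id: str) -> bytes:
    """Model of the store issuing a signed receipt for one app."""
    payload = json.dumps({"bundle_id": bundle_id}, sort_keys=True).encode()
    sig = hmac.new(STORE_KEY, payload, hashlib.sha256).hexdigest().encode()
    return sig + b"." + payload


def _verified_payload(receipt: bytes):
    """Return the receipt fields if the signature is genuine, else None."""
    sig, sep, payload = receipt.partition(b".")
    if not sep:
        return None
    expected = hmac.new(STORE_KEY, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        return json.loads(payload)
    except ValueError:
        return None


def validate_weak(receipt: bytes) -> bool:
    """The flawed check: any genuine receipt is accepted."""
    return _verified_payload(receipt) is not None


def validate_bound(receipt: bytes, own_bundle_id: str) -> bool:
    """Genuine receipt AND issued for this app's bundle ID."""
    fields = _verified_payload(receipt)
    if not isinstance(fields, dict):
        return False
    # own_bundle_id should be a constant built into the app, so it cannot
    # be edited on disk alongside the receipt file.
    return fields.get("bundle_id") == own_bundle_id


# Constructed sample receipts for two hypothetical apps.
FREE_RECEIPT = issue_receipt("com.example.freeapp")
PAID_RECEIPT = issue_receipt("com.example.paidapp")
```

A receipt issued for the free app passes `validate_weak` inside any app, but `validate_bound` rejects it everywhere except in the app it was issued for.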
Apart from this simple file replacement crack, some hackers claim to have cracked Apple’s security for the Mac App Store, according to Gizmodo. That crack will not be available until February 2011, though, according to Dissident, the hacker who created it. The crack is named KickBack.
In late December, Dissident announced that the crack, named KickBack, would not be released “until well after the store’s been established” in an effort to ‘protect’ developers. “When we feel that [the Mac App Store] has a lot of crap in it, we’ll probably release Kickback,” said Dissident. So basically they’re giving Apple time to make a patch for a crack that isn’t even out yet.
At any rate, it indicates that the security of the Mac App Store is very easy to circumvent. Though developers reported support for Mac App Store receipts in early builds of Mac OS X 10.6.6, there’s no evidence that the Mac App Store was broadly or externally tested by Apple.
However, the way in which the App Store has been cracked does not endanger your personal security unless you download pirated versions of the apps from untrusted sources that could package the pirated versions with malware. It is pretty hard to have a complete computing experience without some third party software on any OS.
Most people use social networking clients, online games, Adobe software, etc. Piracy just allows the possibility that the third party software you are using is a carrier for malware. Moreover, this opens the door to widespread piracy, which is not good for anyone, developers and users alike, in the long term. So Apple is right, at least in this case: stay away from piracy to stay protected!