ExtraBITS for 16 July 2012
Two quick ExtraBITS for you this week: news of Apple withdrawing from, and then immediately rejoining, the EPEAT program for environmental stewardship; and the strange story of a Russian hacker who figured out how to trick iOS into allowing free in-app purchases.
Hacker Exploits iOS Flaw for Free In-App Purchases — Over at Macworld, Lex Friedman does an excellent job running down the strange story of a Russian hacker who figured out how to trick iOS such that users could make some in-app purchases for free. Apple should be able to fix the problem, but it’s an interesting example of the classic “man in the middle” attack because, in this case, the man in the middle is the user, rather than some bad guy.
Apple Back in EPEAT with Vague Explanation — They’re out! No, they’re back! A few days after pulling all of its products out of the EPEAT program for environmental stewardship (which called into question numerous government and institution purchases, since many of those entities require EPEAT-labeled products), Apple returns to the group’s list with a note from outgoing hardware chief Bob Mansfield. An explanation of the departure and return was not included.