This Week's Sponsor:

Kolide

Ensures that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.

Bug Discovered in Condè Nast iPad Apps Lets You Download Issues for Free

Huge story reported by The Huffington Post: there’s a security flaw in the Condè Nast iPad applications (Wired, The New Yorker, etc) that will let you download paid issues of the magazines for free. The bug was apparently discovered by Italian “hacking research group” Dark Apples, which tested the “method” on Italian newspaper apps such Corriere della Sera and Gazzetta della Sport (published by RCS) as well.

All a moderately-skilled iPad user has to do is connect the iPad to his laptop, search inside the iPad files with a common managing software (we used iPhone Explorer), copy the .plist file that manage the download information and correct a single field. This boils down to changing a single word: Where it says “purchasable” you write “viewable” instead, and copy back the file on the iPad. Now all you need to do is click on “delete” the magazine issue on the iPad app and a “download” button will appear instead of the “buy” button. It means you can download the magazine for free.

We haven’t tried this, and we urge you guys to stay away from this, too. The story gets interesting, though, as - guess what - Adobe is in the middle of the debate, again:

Managers of the Italian dailies told us they are investigating the problem, while people at Adobe – Adobe manages Condé Nast iPad apps – wrote us they are “very concerned by piracy issues”. “We have confirmed that it is possible for experienced users with detailed instructions to access some digital publications on the iPad that have not been purchased. We are working on a fix and expect to deliver a new version of our Digital Content Viewer to publishers on Friday, October 8”, an Adobe spokesperson said.

So, basically, the tools Adobe provided to Condè Nast were affected by this flaw that still allows users to easily hack the iPad apps and view content that hasn’t been purchased. The apps haven’t been updated, so the hack is still working.

Adobe apparently sent publishers an updated version of its development tools 4 days ago. I guess a huge update for all Condè Nast apps will be released very soon in the App Store. Still: nice shot, Adobe.

Join

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.

Federico is the founder and Editor-in-Chief of MacStories, where he writes about Apple with a focus on apps, developers, iPad, and iOS productivity. He founded MacStories in April 2009 and has been writing about Apple since. Federico is also the co-host of AppStories, a weekly podcast exploring the world of apps, and Unwind, a fun exploration of media and more.

He can also be found on his other podcasts on Relay FM: Connected and Remaster, two shows about Apple and videogames, respectively.

@viticci
@viticci
@viticci@macstories.net
viticci@macstories.net