Too many people have been using In-App Purchasing exploit for a years, some of them using the way that was discovered by the Russian hackers from the few weeks and of course almost all of us are using iAP Cracker from Cydia store that allows you to buy anything you want from almost all of the apps. But today we have discovered that Apple started emailing developers today, with more information regarding the recently-discovered in-app purchasing exploit. Earlier this month, news broke of a hack that allowed users to acquire paid in-app content, for free.
9to5Mac shares an excerpt from the new support page:
“A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attack. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies that attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.”
Also for those people who still having any questions about this. They can head forward to Apple’s Q&A pageIf you found this post useful, hopefully hit the +1 (recommend) button ⇉
You can follow Abdelrahman Mohamed on Twitter, join our Facebook fanpage and add me on Google+ to keep yourself updated on the latest jailbreak and unlock news.