A hack that lets iOS users trick the App Store into giving them in-app purchases for free has gone public, potentially costing app makers revenue and causing Apple a major headache.
Similar Articles

The exploit was first posted Wednesday, but came into prominence early Friday, after it was publicized by several websites. (In fact, the hack has proven so popular that the server allowing it is down as of this writing due to overwhelming demand.)

Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps—including installing bogus certificates on your device, and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they’re communicating with the App Store, when they’re actually going to a Web server that pretends to be the App Store instead. Borodin told Macworld that his exploit works in part by faking—or “spoofing”—the code receipts that Apple issues for in-app purchases which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.


[link to www.macworld.com]