Apple Announces iOS 6 Will Fix In-App Purchases Hack

Posted July 20, 2012 at 9:23pm by iClarified | Please help us and submit a translation by clicking here | 8086 views

Apple has announced that iOS 6 will fix a vulnerability that allowed a hacker to fraudulently validate in-app purchases.

A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker's server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.

iOS 6 will address this vulnerability. If your app follows the best practices described below then it is not affected by this attack.

Apple also provides steps developers can take to circumvent the vulnerability now.

Read More [via Teresa]


Share
Add Comment
per10 - July 21, 2012 at 2:39am
INSTALLOUS!!!!!!!!!!!!!!!!!!!!!!!!!!
DNA64 - July 21, 2012 at 5:02am
TEXT EDIT/NOTEPAD!!! ;P
Follow iClarified
Hacked AT&T Carrier Update Could Improve Your Network Performance
Joseph Brown has released a hacked AT&T carri...
Fab.com Gets All New, Re-Imagined App
The Fab.com app has been updated to version 5...
Yahoo Board Approves $1.1 Billion Deal to Acquire Tumblr [WSJ]
Yahoo's board has reportedly approved a $1.1 ...
Teen Run Over and Killed as Thieves Steal His iPad
Marcos Vincente Arenas, a 15 year old teen, w...
The New Yorker Magazine App Gets Partial iPhone 5 Support
The New Yorker Magazine app has been updated ...