updated 12:32 pm EDT, Fri July 13, 2012
Vulnerability affects all versions of iOS from 3 onwards
A Russian developer has discovered a way of getting in-app purchases from iOS apps for free, reports say. The hack can be performed without jailbreaking a device, and should moreover work on any iOS device running iOS 3.0 or later, even up to the beta of iOS 6. The technique involves installing a pair of certificates and changing DNS details under Wi-Fi settings. When making purchases from apps, a pop-up from in-appstore.com should appear instead; despite showing an unrelated message, it allows people to skip paying.
Some apps may be immune to the exploit, though, as developers can opt to validate receipts for in-app purchases. Apple may want to crack down on the problem as soon as possible; while developers take in the bulk of the money from any in-app purchase, Apple is supposed to receive a 30 percent cut. The App Store generates a relatively minuscule amount of profit for the company, but it may still be concerned about offsetting expenses.