A Russian hacker has found a way to obtain in-app purchases from iOS apps for free, without the need for a jailbreak, reports 9to5Mac.
There are three 'simple' steps to the procedure:
● installation of CA certificate
● installation of in-appstore.com certificate
● changing DNS record in wi-fi settings
*Note, that in-appstore works only when you connected to Wi-Fi, not Cellular network.
The hack also requires you send information about your transaction through the hacker's server. That information includes: restriction level of app, id of app, id of version, guid of your idevice, quantity of in-app purchase, offer name of in-app purchase, language you are using, identifier of application, version of application, and your locale.
At this point it seems that apps which properly validate in-app purchase receipts are unaffected by the hack; however, it appears that many apps do not do this.
The hacker's service is already down to high traffic. Note, due to high load Service is unstable. Reporting of failed purchases disabled.
We haven't heard from Apple now.
For those interested, you can see the hack demonstrated in the video below...
via iclarified
June 10th is the Right Day for Apple's WWDC Keynote ![[Leaked] Dual LED Flash, New Colors for Low Cost iPhone?](http://images.cyberimg.com/iphone/2013/05/23/rumoriphonemini.jpg)
[Leaked] Dual LED Flash, New Colors for Low Cost iPhone?
Gameloft Releases Epic for iPhone, iPad, and iPod Touch
Coooool~ Developer Hacks iPhone to Route Push Notifications Through Google Glass
![How to Perform a SemiRestore Without Losing Your Jailbreak [Video Preview]](http://images.cyberimg.com/iphone/2013/05/20/SemiRestore_banner.jpg)