Following the recent drama over free downloads of in-app purchases, Apple is now emailing developers who have apps in the App Store about in-app purchase receipt validation. The email links to a document on Apple’s developer website that explains the in-app purchase validation bug and how hackers can download paid content for free using a certificate authority controlled by the attacker. Here’s an excerpt from Apple’s document for developers:
A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.






