The most interesting, and troubling to some developers, feature of the new exploit was that it was so easy; no jailbreak was needed. Software developer Alexey V. Borodin aka ZonD80 showed a simple three-step technique for beating Apple's payment systems by installing a few certificates (CA and appstore.com) and changing the DNS in Wi-Fi settings—basically a matter of installing system certificates and doing a certain Wi-Fi tweak.
The technique included a fake in-app purchase server as well as a custom DNS server. The exploit worked on devices running iOS 3.0 to 6. According to reports, however, the hack did not work in specific regions around the world. The reason suggested is that developers there were using enhanced ways to protect their apps.
The exploit for circumventing Apple’s in-app purchasing system was first flagged by a Russian blog i-ekb.ru. Reacting to their tips, news of the exploit tutorial was soon after reported on the Apple-watching site, 9to5 Mac. The comments were that, since the published instructions were already getting attention, the site decided to carry the story too “as a warning to the Apple developer community.”
Join us on our
Share this page with your friends
on your favorite social network: