Apple has announced on its development center that the iOS 6 will have a fix to the vulnerability that is used by Russian hacker ZonD80 for hacking the in app purchases.

A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.

iOS 6 will address this vulnerability. If your app follows the best practices described below then it is not affected by this attack.

If you are not aware of in app purchase crack, it is done by a Russian hacker and has caused millions of dollars loss in terms of in app purchases. Apple has taken every possible steps in order to block sites and videos giving information on in app purchase crack. Despite these steps the hacker has managed to survive his site by changing to different servers and still promising for continuity of the service.

You can visit official page on In-App Purchase Receipt Validation on iOS for more details. Here Apple has also given steps for developers in order to circumvent the in app purchase crack vulnerability.

据国外媒体报道，一位名为“ZonD80”的俄罗斯开发者已经研究出一种可以绕过苹果iOS应用内购物（In-App Pruchasing）系统的方法，让用户们可以免费下载他们想要的任何东西。这种破解方法不需要用户对他们的iOS设备进行“越狱”，而是使用了一种被称作“应用内代理”（in-app proxy）的技术。

这也是应用内购物系统被破解的首个案例，同时它也暴露出iOS应用开发者可能因为这个原因而遭受损失的风险。

但笔者并不建议消费者使用这种技术，不仅因为这是一种不道德的偷窃行为，而且苹果很可能会发现用户的这种行为，因为每一位iOS用户的设备都与用户唯一的苹果ID捆绑在一起。

截至本文发稿，苹果尚未就此发表意见。

文/腾讯科技