The email contains a link to a new page on the Apple developer site, to review progress on the issue, and offer a temporary solution. It also indicates that a permanent patch is coming in iOS 6.
Here is an excerpt of the email sent by Apple:
"A vulnerability was discovered in iOS 5.1 related to the validation of invoices in-app server by connecting to the App Store directly from a device IOS. A hacker can change the DNS table to redirect these requests to a server controlled by the attack. Lattaquant may issue an SSL certificate that identifies fraudulent server like the App Store. When this server effeectue fraudulent application to validate an invalid received, it responds as if the receipt was valid. "
|discovered in iOS 5.1|