First major work-around of in-app purchasing system sees over 30,000 purchases made for free.
9to5mac first revealed that Russian hacker Alexey V. Borodin created an online service called In-Appstore.com to facilitate free transitions. The system isn't strictly speaking a hack, but a method for bypassing Apple’s authentication servers.
It works by re-directing requests to Borodin’s service, which then fools the app into thinking that it has ‘purchased’ the content by delivering back a single legitimate purchase receipt, which was donated by Borodin himself.
This makes the breach pretty insidious because it cannot be prevented by simply validating App Store receipts.
There are two possible fixes for Apple: making each purchase receipt unique using a securely encrypted receipt, or ensuring that the verification process is talking directly to Apple and not some third party server.
Apparently Borodin has now ceded control of his site to a third party to avoid further trouble.

http://www.mobile-ent.biz/news/read/...-breach/018640