I hadn't seen this on here yet, and thought the folks here should be aware.
Apple's in-app purchase system has been circumvented by Russian hackers. A simple set of instructions allow a non-jailbroken device to download in-app content for free. I just tested this on my company's app and was sad to see that it worked. Took me all of about 3 minutes.
Here are the instructions:
And here is a writeup on The Loop in which Apple (sorta) responds:
Apparently Apple's approved process of validating reciepts is still not enough to thwart this technique, though many apps that utilize content from an outside service and verify the purchase themselves (MLB at Bat is an example) do not work with this hack.
Sad news indeed.
Las Vegas, NV