The in-app purchase hack comes from the Russian developer ZonD8o and doesn’t require jailbreaking. Instead, users install two certificates and change their DNS settings to access in-app purchases without paying.
Aside from the fact that using the hack to get in-app content without paying is stealing, it also exposes some of your personal information to the hacker’s servers, such as your iOS device’s GUID code and your location. Considering the fact that they seem fine with offering up a way to steal iOS app content, trusting them with any of your data seems like a less than prudent idea.
Apple is likely already looking into the issue and figuring out how to block the hack, and apps that use the company’s system to validate receipts for in-app purchases aren’t affected.
[Thanks to 9to5Mac for the heads up.]