Link -> In-App Purchase Receipt Validation on iOS
Apple has released to developers new guidelines for in-app purchase validation. They have also issued downloadable code to help developers implement the new validation procedures. If your app uses in-app purchases ( especially if you don’t validate on your own server ) then you need to read this document.
Developers who have apps that use only Apple’s servers for validation are particularly vulnerable to the recent in-app purchase exploit developed to attack iOS. If you validate on your own server already you may not have been affected. Still Apple is recommending that all developers implement the new instructions.
Update: Apple says that this is a temporary fix, and the exploit will be fixed when iOS 6 is released. Also, a similar work-around to exploit in-app purchases has been found in Mac OS X.