The iOS 6 fill the security flaw in-appstore.com

Apple has begun sending emails to its developers with more information about the hack in-app purchases discovered by a Russian that allows users to make purchases in-app for free.
The email contains a link to a new page on the Apple developer site, to review progress on the issue, and offer a temporary solution. It also indicates that a permanent patch is coming in iOS 6.

Here is an excerpt of the email sent by Apple:

"A vulnerability was discovered in iOS 5.1 related to the validation of invoices in-app server by connecting to the App Store directly from a device IOS. A hacker can change the DNS table to redirect these requests to a server controlled by the attack. Lattaquant may issue an SSL certificate that identifies fraudulent server like the App Store. When this server effeectue fraudulent application to validate an invalid received, it responds as if the receipt was valid. "

discovered in iOS 5.1

Apple has also provided a section Questions / Answers to frequently asked questions these days. If you are a developer or just interested, you can find more details here.