Further details have now emerged that suggest this hack will work for all IAPs running on iOS devices. Hence we expect Apple to now be in crash mode, reworking how iTunes authentication works.
Over the years, there have been a number of ways of pirating apps and games on iOS.
The general approach involves jailbreaking your device - not recommended for numerous reasons - moral and practical.
But now a mysterious Russian hacker (ZonD80) reckons he will be able to get you free in-app purchases from games such as CSR Racing and Temple Run just by changing some settings on your iPhone.
Oh, and you have to change your DNS settings to his IP address (really, really not recommended) so your device will connect his proxy server instead of hitting Apple's iTunes servers.
As he seems to demonstrate in a YouTube video of the work in progress project, if you do this, you get around iTunes verification because purchasing IAP in these game is a process that can be fooled by verification from an unofficial server.
We're assuming it wouldn't work with games that have a more rigorous validation process between the game and iTunes.
Aside from the technicalities of the approach - which developers and Apple will no doubt look to combat with new code, encryption, IP blocking etc - what's as interesting is the Russian's views about IAP.
"Why you must to pay for content, already included in purchased app? I think, you must not", he comments on the video's description.
And when getting free IAP from Temple Run he comments by way of explanation, "Sorry Imangi. It's Russia."
Yet, a final peculiarity of the whole affair is that despite proporting to be able to effectively take down the business of free-to-play gaming on iOS, ZonD80 is asking for donations so he can raise the $300 he needs to hire servers and buy domain names.
Expect this video to be removed soon.