Apple is reported to be investigating a weakness in its iOS in-app purchase technology which enables content to be downloaded free-of-charge, stating that: “We take reports of fraudulent activity very seriously, and we are investigating.”

According to The Register, a Russian hacker posted a video of the exploit on YouTube, which requires “installing a couple of certificates and assigning a specific IP address to the device”. The exploit appears to work with devices running iOS 3.0 and later, and does not require handset to be jailbroken.

However, shortly after the video was removed, “due to a copyright claim by Apple Inc.”

MacRumors noted that while providing consumers with access to free content, the hack itself is not without its issues, notably that some data is routed through the servers of the Russian who cracked the system in the first place – including App Store user names and passwords.

The system appears to work by taking a genuine receipt for an in-app purchase, and then using it to authenticate purchase requests made by multiple devices. This requires an authentic receipt to be generated in the first place, with claims that the hacker, Alexey Borodin, had spent “several hundred dollars” to generate these.

It was noted that developers using their own servers to authenticate purchases would not be affected.

According to TheNextWeb, while more than 30,000 in-app purchase requests had been made through the service, Borodin has received just US$6.78 via PayPal donations supporting his work.