BY THE NUMBERS: Apple: Mac App Store hit 1 million download mark in 24 hours
The problem is that if an application - so far it's just the Angry Birds puzzle video game - doesn't check whether the Mac App Store receipt data entered to activate it actually corresponds to that app, it will activate it anyway so long as it's a valid receipt for any application.
This is not a problem for applications that make the check properly. It could be avoided altogether if Apple's review process before approving applications for sale included verification that the check is done right, says blogger John Gruber in his Daring Fireball blog.
Apple actually recommends how to set up the receipt checks properly, but it is up to individual developers to follow through.
According to online instructions, in order to carry out the theft, a person has to first obtain a copy of the application somehow plus a valid Mac App Store receipt for anything. They then plug in the receipt data and if the application doesn't check that the receipt refers specifically to the application itself, the data will activate the app.
Apple hasn't issued a statement yet about the weakness.
Read more about anti-malware in Network World's Anti-malware section.