According Networkworld, the group identified three holes on the site, including arbitrary URL redirects, cross-site scripting, and HTTP response splitting. This could allow hackers to arbitrarily redirect to other URLs and make phishing attacks against developers login credentials more likely to succeed.
While the redirect will cause users to end up at a malicious site, the original link would appear to come from developer.apple.com. YGN said that it alerted Apple to the problem in late April, and that the company quickly acknowledged getting the report. Howver it still has not fixed the holes.
We guess it is hoping that its prayers to Steve Jobs to save them from all security problems with a nice new iPhone will work. YGN are planning to release its discovery in a few days if Apple does not pull finger.