Buyers of new 16GB iPhones and 32GB iPod Touch devices should beware: Apple shipped these units without patching a remote Denial of Service vulnerability that was first discovered in iPhone firmware v1.1.2. First report of a remote Denial of Service Safari browser vulnerability exploit that can crash an iPhone by simply visiting a website containing the malicious code was filed on January 24th 2007, however Joshua Morin, a Security Engineer for Codenomicon Ltd., discovered that this vulnerability is also present in iPhone firmware v1.1.3 — with which the 16GB iPhone and the 32GB iPod Touch were shipped.
More...