Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
http://www.vupen.com/english/advisories/2008/3232
http://www.securitytracker.com/id?1021272
http://www.securityfocus.com/bid/32394
http://support.apple.com/kb/HT3318
http://secunia.com/advisories/32756
http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html