Apple iPhone and iPod Touch software prior to versions 3.0 to contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code.
The vulnerabilities include 46 separate flaws. Many of the vulnerabilities were fixed on the Mac OS X and Mac OS X platform by Apple Security Update 2009-002, documented by Alert 18201. An attacker could exploit the vulnerabilities to execute arbitrary code on affected devices or conduct cross-site scripting attacks, resulting in the disclosure of sensitive information.
Apple has confirmed the vulnerabilities in a security announcement and released updated software that is available by means of automatic update features.
Apple has released a security announcement at the following link: APPLE-SA-2009-06-17-1