Calling the CSS attr() attribute with a large number leads to memory corruption, heap spraying allows execution of code. Arbitrary remote code execution can be achieved by creating a special website and enticing the victim into visiting that site. iPhone OS versions 1.x through 2.2.1 and iPhone OS for iPod Touch versions 1.x through 2.2.1 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79546/GSEC-TZO-45-2009.txt
Source: https://packetstormsecurity.com/files/79546/iPhone-iTouch-Code-Execution.html