The Fraunhofer Institute SIT alerted the producers of the iPhone about this issue a month ago. To close this hole, new firmware will be released on November 21.According to Collin Mulliner, the exploit only requires three lines of HTML code, which anyone with basic knowledge of this language can add to any web page.
The scenario: The iPhone user receives an e-mail or SMS with an Internet link. Clicking on the link will open a web site. But suddenly, the iPhone will start calling a phone number without any user intervention. The worse thing is that you can't stop the call, as the cellphone will be gray while the number is dialed. (...) Even amateurs could easily develop a criminal exploit.The Fraunhofer Institute says that a similar vulnerability was discovered last month and patched, "but obviously was not enough." [Fraunhofer SIT via Apple Insider]