According to a Fraunhofer Institute for Secure Information press release, the eagerly expected iPhone 2.2 operating system update will arrive tomorrow, November 21. The release is expected to bring new features, but the Institute's note highlights a major security problem that can make your iPhone to place a call when visiting a malicious web site. This date is in line with the previous rumors. Update: here's the video of the security exploit that the iPhone 2.2 release will fix, according to the Fraunhoferians.
The Fraunhofer Institute SIT alerted the producers of the iPhone about this issue a month ago. To close this hole, new firmware will be released on November 21.
According to Collin Mulliner, the exploit only requires three lines of HTML code, which anyone with basic knowledge of this language can add to any web page.
The scenario: The iPhone user receives an e-mail or SMS with an Internet link. Clicking on the link will open a web site. But suddenly, the iPhone will start calling a phone number without any user intervention. The worse thing is that you can't stop the call, as the cellphone will be gray while the number is dialed. (...) Even amateurs could easily develop a criminal exploit.
The Fraunhofer Institute says that a similar vulnerability was discovered last month and patched, "but obviously was not enough." [Fraunhofer SIT via Apple Insider]