Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAMEβs content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.