The security vulnerability, just patched with the latest iOS 4.1 for iPhone and iPod touch, occurs because of an issue in the handling of invalid certificates, Apple said in an advisory.
The iOS 4.1 update includes fixes for a total of 24 documented security holes, most in the open-source WebKit rendering engine.
The WebKit flaws could be exploited to take complete control of iPhones or iPod touch devices that are lured to maliciously rigged Web pages.
The patch also fixes a user interface accessibility vulnerability in the settings panel for Location Services. This may cause the VoiceOver feature to not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours.
It also fixes a memory corruption issue in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution, Apple said.