Under cover of darkness, Apple released Safari 3.1.1 via Software Update tonight. In typical Apple form the description is purposefully vague, recommending the update "for all Safari users" and telling us that it "includes improvements to stability, compatibility and security." A-ha.
WebKit CVE-ID: CVE-2008-1025
Impact: Visiting a malicious website may result in cross-site scripting
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
I bet that this Safari update fixes the exploit that was discovered at the CanSecWest hacking contest on 31 March by Charlie Miller who won a MacBook Air (and $10,000 cash) after breaking into the machine via one of the its built-in apps (presumably Safari).