The security update is available through iTunes and is automatically downloaded when the iPhone is docked.
The size of the update is 7.1 MB and it fixes two security issues in Safari, two in WebKit and one issue with WebCore.
One of the security issues in Safari was reported last week by Independent Security Evaluators, a security research firm from
The vulnerability is addressed in the security bulletin under CVE-ID CVE-2007-3944.
“Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution
Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions.” writes Apple in the security bulletin.
One of the WebKit issues that were fixed involved look-alike characters in a URL that could be used to masquerade as a legitimate website, and a maliciously crafted website that could lead to an unexpected application termination or arbitrary code execution.
Apple’s security bulletin regarding iPhone is available here.
Apple also released a new version of Safari 3.0, which is still in beta. The new version, Safari 3.0.3, fixes some security flaws for both the Windows and Mac OS versions of the browser.