It looks like the iPhone dev team is up to something. Locked has been following them over at IRC and it looks like Mobile Safari on both the touch and the iPhone are suffering from a one year old TIFF exploit.

Basically, opening a carefully crafted TIFF image will crash mobile safari, causing a buffer overflow and allow for arbitrary code execution. This same exploit was used more than 1.5 years ago to crack the PSP firmware.