Some clever people at the PWN2OWN content in Vancouver have managed to prove an exploit involving Safari and the iPhone. Their proof shows how they could execute code from a malicious website to extract the contents of the sms database, you can read full details in
Zynamics press release
Theres a great set of videos explaining buffer overflow attacks starting here
with a hands on demo of return to libc hacks here