CVE-2007-3755
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
Date published : 2007-09-27
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html