There's a lot of "could" and "might" in this story, folks, so keep that in mind. MacNN is reporting that a group of iPhone developers has identified a bug in the current iPhone firmware that could lead to an exploit of the Default.png file.
Default.png is what's displayed when an application is launched in the iPhone. Typically it's a static image, but some of Apple's applications use a dynamic file, which could be fooled into granting access to third party code.
This sounds like conjecture to us, and MacNN's sources are not known, so keep that in mind. Plus, iPhone firmware 2.2 is rumored to be released on the 21st. Perhaps it will lock this down.