MacRumors explains
Apparently the exploit was supposed to be announced in ComputerBild.de Monday, however was detailed in the press release today.
The exploit is said to be able to place a “(potentially expensive)” call simply by browsing to a specific webpage via Safari on the iPhone. SIT reports that Apple has been notified of the issue nearly one month ago, and that a fix will be made available on November 21st through a firmware upgrade. This lines up with previous information pointing to tomorrow as a release date for iPhone Firmware 2.2.