WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle
redirects, which allows remote attackers to read images from
arbitrary web sites via vectors involving a CANVAS element and
redirection, related to a "cross-site image capture issue."
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.