Mar 14, 2011 11:36 GMT  ·  By

Not even a week has passed since the official release of iOS 4.3 and already Apple is working to patch a newly-discovered flaw in the latest version of its mobile operating system powering iPads, iPhones, and iPod touch media players.

Discovered by renowned security researcher Charlie Miller of the consulting firm Independent Security Evaluators, a flaw in iOS would allow a hacker to bypass Apple’s Address Space Layout Randomization effectively breaking into a user’s iPhone to steal data, or attempt other malicious activities.

Miller found the bug during a hacking contest last week, in Vancouver, Canada.

Divided by categories of systems to hack, the contest saw Miller win the iPhone-centric session by gaining access to the phone’s Address Book via an exploit executed through the Safari web browser.

However, while some reports will have you believe the vulnerability was exploited on the latest version of iOS, that was not the case at CanSecWest.

Miller specifically noted during an interview with ZDnet that his hack involved pointing the iOS 4.2.1 Safari web browser to a rigged website.

He clarified that although Apple has taken some steps to thwart hackers attempting to compromise the web browser, the vulnerability still lies in iOS 4.3, yet it’s difficult to take advantage of.

As such, even with low risk levels, Apple cannot afford to sit with its arms crossed hoping that no one will attempt to find the same vulnerability Miller did last week.

In fact, the security expert reportedly said he had a chat with Apple about his feat, and that they will patch soon, via software update.

Stefan Esser, a security consultant and application developer for Germany-based SektionEins, said last year that he planned to unveil a process for jailbreaking that automatically implements a layer of ASLR (address space layout randomization).

While the last part has already been handled by Apple, he reportedly plans to save his jailbreak exploit for when iOS 4.3.1 comes out. The reason? Apple will most likely burn it with the launch of a new iOS update.