Apple to patch a new security flaw in its Safari Web browser

Apple to patch a new security flaw in its Safari Web browser

After having recently released its iOS 4.3 update, Apple is apparently also working on introducing an incremental update for its mobile devices, including its just-launched iPad 2, in order to patch a newly-discovered security vulnerability in the Safari Web browser.

The flaw in the iOS mobile operating system was exposed by researcher Charlie Miller at the Pwn2Own hacking contest this week.

Miller, who won the iPhone-specific part of the contest with his hack, said in a Twitter post that he had communicated with Apple to share the information that the exploit which he had used took advantage of a hole in the iOS to bypass Address Space Layout Randomization (ASLR) - a new security feature that Apple has introduced in the iOS 4.3 update.

Miller tweeted: “Apple already has the vulnerability information and will patch soon.” Miller, who performed the hack with his partner Dion Blazakis, has shared the information about the exploit with Apple only because, as per the rules of the Pwn2Own hacking contest, the hackers could not release the vulnerability to the public. Incidentally, the iOS 4.3 update, which comes pre-installed on the iPad 2, was released by Apple this Wednesday; and one of the most notable improvements that the update boasted was in the Safari browser, with JavaScript rendering speeds being two-fold faster than those in iOS 4.2.