Thursday, August 4, 2011

LAS VEGAS (CNNMoney) -- Apple introduced an important security feature in the latest version of the iPhone's software, yet it is rarely used by third-party applications, leaving users vulnerable to a targeted attack.

The feature, known as address space layout randomization, or ASLR, randomizes key pieces of data in the iPhone, making it difficult for attackers to find where they're stored.

One component of ASLR, known as position-independent executable, or PIE, hides executable code that hackers can use to carry out attacks. When enabled, those tools can help protect the iPhone from being remotely exploited by a hacker.

All of the applications that come pre-installed on the iPhone running the latest software version, iOS 4.3, use both ASLR and PIE. But only the iPhone 3GS and iPhone 4 have access to iOS 4.3. In the U.S., the update is only available for AT&T (T, Fortune 500) customers and is not yet on Verizon's (VZ, Fortune 500) iPhones.

In fact, most third-party apps have poor data encryption, and they are rarely compiled with the security features that Apple (AAPL, Fortune 500) put in place, said Dino Dai Zovi, independent security consultant and notorious Apple hacker, at the Black Hat cybersecurity conference in Las Vegas on Wednesday.

"That's a pretty serious threat factor," he argued.

Without those features, a hacker could exploit an app's vulnerabilities and take over a phone when a user clicks on a malicious link.

For instance, a click-happy user could tap on the wrong link in the Twitter or Facebook apps -- neither of which has PIE support -- and the user's iPhone could be taken over by a hacker.

Even with that vulnerability in place, it's not an easy process to take control of an iPhone. An iPhone attacker who finds a bug can't get very far without gaining access to the system administration or "root" of the device.

But in an iPhone, even root access does not give a hacker access to the core of the phone known as the kernel, which connects the software to the hardware. And even if an attacker has access to the kernel, that doesn't necessarily mean the hacker can access it for any application or even if the user reboots the iPhone.

"That's what makes jailbreaking apps so impressive, because it takes a lot more steps to attack an iPhone than a desktop," said Dai Zovi. "iOS is not perfect, but it makes the attacker work extra hard."
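
Whether an app was compiled with PIE support, as discussed above, is recorded in the header of its Mach-O executable as the MH_PIE flag. The following is an added example, not part of the original article: a Python check that reads that flag for each architecture slice of a thin or fat binary. The function names and the sample headers are constructed for illustration.

```python
import struct

MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
MH_EXECUTE = 0x2       # filetype of a main executable
MH_PIE = 0x200000      # header flag: load the main executable at a random address
CPU_TYPE_ARM = 12
BASE_FLAGS = 0x85      # MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL, used in the samples

def _slice(data, off):
    """Return ((cputype, cpusubtype), is_pie) for the thin image at `off`."""
    if len(data) < off + 28:
        raise ValueError("truncated Mach-O header")
    for endian in ("<", ">"):   # the header is stored in the target's byte order
        f = struct.unpack_from(endian + "7I", data, off)
        if f[0] in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a Mach-O image")
    _magic, cpu, sub, filetype, _ncmds, _sizeofcmds, flags = f
    if filetype != MH_EXECUTE:
        raise ValueError("MH_PIE only applies to main executables")
    return (cpu, sub), bool(flags & MH_PIE)

def pie_report(data):
    """Map each architecture slice of a thin or fat binary to its PIE status."""
    offsets = [0]
    if len(data) >= 8 and struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]   # fat headers are big-endian
        if len(data) < 8 + 20 * nfat:
            raise ValueError("truncated fat header")
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
    return dict(_slice(data, o) for o in offsets)

def sample_thin(subtype, flags):
    """Constructed 28-byte little-endian 32-bit ARM header (no load commands)."""
    return struct.pack("<7I", MH_MAGIC, CPU_TYPE_ARM, subtype, MH_EXECUTE, 0, 0, flags)

def sample_fat():
    """Constructed fat file: armv6 slice without PIE, armv7 slice with PIE."""
    slices = [sample_thin(6, BASE_FLAGS), sample_thin(9, BASE_FLAGS | MH_PIE)]
    head = struct.pack(">2I", FAT_MAGIC, len(slices))
    for i, sub in enumerate((6, 9)):
        head += struct.pack(">5I", CPU_TYPE_ARM, sub, 48 + 28 * i, 28, 0)
    return head + b"".join(slices)

if __name__ == "__main__":
    for (cpu, sub), pie in pie_report(sample_fat()).items():
        print(f"cputype={cpu} subtype={sub} PIE={'yes' if pie else 'NO'}")
```

A fat binary is only as protected as the slice the device actually loads, so the report lists every slice rather than a single yes or no.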
