A malware technique labeled "Masque Attack" allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances. It affects OS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.
Masque Attack was discovered and described by FireEye mobile security researchers (http://tinyurl.com/l96l7yp). This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.
This technique takes advantage of a security weakness that allows an untrusted app—with the same "bundle identifier" as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching...| Read more »