One third of enterprise iOS devices vulnerable to app, data hijacking attacks
Apple released patches for several exploits that could allow maliciously crafted applications to destroy apps that already exist on devices, access their data or hijack their traffic, but a large number of iOS devices are still vulnerable.
The vulnerabilities allow for so-called Masque attacks because they involve the impersonation of existing apps or their components. Three of them were patched in iOS version 8.1.3 that was released in January and two newer ones were patched in iOS 8.4, released Tuesday.
In order to attack iOS devices with these flaws, hackers would have to trick their owners into installing rogue apps through the enterprise provisioning system. Companies use this mechanism to deploy in-house developed apps that are not published on the official App Store.