You may remember my coverage of Masque Attack: a security vulnerability in every iOS device that, according to security company FireEye, could "pose a much bigger threat than WireLurker." Here's how the attack works, according to FireEye:
An iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like “New Flappy Bird”) that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari.
Apps replacing their pre-installed counterparts would steal the permissions of the app that the malware pretends to be.
Apple's response to something that sounds so serious has been to basically shrug its shoulders. In the wake of this summer's wave of security breaches, you'd think that the company would be more concerned.
In a statement to iMore, Apple explained its nonchalant response to Masque Attack:
We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.
While it's true that a Masque Attack only works if the hacker uses third-party app stores, a reaction like this leaves me more than a little concerned. If you're using a third-party app store, then as far as Apple is concerned, you're doing it at your own risk.
With all of that said, the basic vulnerability exploited by a Masque Attack is built on a security flaw. iOS devices aren't confirming that an app is what it says it is. It's Apple's job to fix that.