You may remember my coverage of Masque Attack: a security vulnerability in every iOS device that, according to security company FireEye, could "pose a much bigger threat than WireLurker." Here's how the attack works, according to FireEye:
An iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like “New Flappy Bird”) that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari.
Apps replacing their pre-installed counterparts would steal the permissions of the app that the malware pretends to be.
Apple's response to something that sounds so serious has been to basically shrug its shoulders. In the wake of this summer's wave of security breaches, you'd think that the company would be more concerned.