Apple says it’s unaware of any iOS users affected by the so-called “Masque Attack.”
Masque Attack was discovered and described by FireEye mobile security researchers (http://tinyurl.com/l96l7yp). This attack purportedly works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.
In a statement to iMore (http://tinyurl.com/pyz6ccg) Apple says: “We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”