Security researchers at FireEye revealed on Monday a vulnerability in iOS that could allow malware to be installed over legitimate iOS apps.
The vulnerability, which FireEye is dubbing "Masque Attack," occurs using Apple's enterprise/ad-hoc provisioning system. Apple offers developers and enterprises the ability to distribute applications to users outside of the App Store. To do this, the user must install what is called a provisioning profile. At that point, the user can install an application directly from a link (or transfer it to an iOS device using iTunes).