As the Reuters article states, there are two places a non-jailbroken user can get apps from: Apple’s App Store, "or from their own organizations”. There is in fact a way that private companies can distribute their own in-house apps without submitting them to Apple’s App Store, by using the enterprise provisioning features iOS supports. These are distributed outside the App Store, and Apple allows a company to provision a certain number of iOS devices to be authorized for use with these apps. I believe it is this that the mask attack exploit is taking advantage of, thus no jailbreaking would be required. Most users probably have never used these features, so the fear is that they might allow the rogue app to install because they don’t know what the warnings mean. Now, I’m hardly the authority on this exploit but I am almost positive it affects non-jailbroken phones. That is why it is making the news.
Grant On Nov 14, 2014, at 2:04 PM, 'Chris Blouch' via MacVisionaries <[email protected]> wrote: or from their own organizations -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
