An iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier.
The in-house app may display an arbitrary title that lures the user into installing it, yet once installed it can replace a genuine app. The vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier.
According to the research by FireEye, an attacker can leverage the vulnerability both through wireless networks and USB.
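A simplified model of the missing certificate check, as an added example that is not from FireEye's research or from iOS itself: the first function replaces an installed app on bundle identifier alone, as described above, and the second refuses the replacement when the signer differs. The `App` fields, the function names and the sample apps are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    bundle_id: str  # the app's bundle identifier
    title: str      # display name shown to the user (freely chosen)
    signer: str     # constructed label standing in for the signing certificate
    source: str     # "app_store" or "enterprise" (assumed labels)


class ReplaceRejected(Exception):
    """Raised when a replacement is signed by a different certificate."""


def install_bundle_id_only(installed: dict, new: App) -> dict:
    """Behaviour the page describes: the bundle identifier alone selects
    the app to replace; the signer is never compared."""
    updated = dict(installed)
    updated[new.bundle_id] = new
    return updated


def install_with_signer_check(installed: dict, new: App) -> dict:
    """Hardened policy: an existing bundle identifier may only be replaced
    by an app carrying the same signer."""
    current = installed.get(new.bundle_id)
    if current is not None and current.signer != new.signer:
        raise ReplaceRejected(
            f"{new.title!r} ({new.source}, {new.signer}) would replace "
            f"{current.title!r} ({current.source}, {current.signer})"
        )
    updated = dict(installed)
    updated[new.bundle_id] = new
    return updated


# Constructed sample data: same bundle identifier, different signer and title.
GENUINE = App("com.example.bank", "Example Bank", "cert-A", "app_store")
LOOKALIKE = App("com.example.bank", "New Fun Game", "cert-B", "enterprise")
UPDATE = App("com.example.bank", "Example Bank 2.0", "cert-A", "app_store")

if __name__ == "__main__":
    device = {GENUINE.bundle_id: GENUINE}
    print(install_bundle_id_only(device, LOOKALIKE)[GENUINE.bundle_id])
    try:
        install_with_signer_check(device, LOOKALIKE)
    except ReplaceRejected as err:
        print("rejected:", err)
```

The same comparison works as an inventory audit: any installed app whose signer differs from the one previously recorded for its bundle identifier is worth investigating.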