Attackers could exploit it by creating a rogue app that registers an extension with the bundle identifier of an existing application. The extension would then gain full access to that other app's data container, according to the FireEye researchers.
While a third of iOS devices continue to be vulnerable to all Masque attacks, there are likely many more that are only vulnerable to the most recently disclosed Manifest and Extension Masque flaws. The FireEye researchers advise users to update their devices as soon as possible and to keep them up to date in the future.
Sign up for CIO Asia eNewsletters.