Researchers from security company Skycure say they’re concerned about a feature of iOS that could be used by malicious actors to read information, passwords and even encrypted data from devices without customers knowledge, reports “The Next Web” (http://tinyurl.com/d297f5k).
Provisioning Profiles (mobileconfigs) are small files installed with a single tap on iOS devices. Their use is officially approved by Apple and there is nothing innately malicious about any given profile.
“But, if put to the right uses, they do open up the ability to read usernames and passwords right off of a screen, transmit data that would normally be secure (over HTTPS) to a malicious server where it can be read and a lot more,” notes “The Next Web.”
You can read more about Skycure’s findings at http://blog.skycure.com/2013/03/malicious-profiles-sleeping-giant-of.html .