Researchers at CheckPoint, a security firm, discovered a new vulnerability that allows hackers to install malware on iOS devices through MDM solutions commonly used by enterprises.
Apple has created a Developer Enterprise Program that allows companies to install internal apps on employee devices by using enterprise app certificates signed by Apple, instead of accessing the typical consumer app store. Hackers have discovered how to abuse these certificates and use them to install malware on devices.
Apple introduced more security measures in the iOS 9 update to prevent sources taking advantage of enterprise app certificates. While this may cut down on the problem, Check Point recommends implementing an evaluation system for enterprises to monitor any potentially malicious material accessing devices, instead of relying on end-user analysis.