I'm curious how much data this vulnerability could allow access to. The quote mentioned cached emails and potentially login-tokens, would it also include other cached data?
Let's say the attacker replaced something like 1Password or other password saving application.
Looking forward to Apple patching this up as soon as possible.
Replacing Ipassword in a way you wouldn't notice, unlikely. But if they're installed in he same sandbox and the developer of this app knows where to look, they would have access to the application files. Unless it is easy to know what sites the data refers too, it would be relatively safe. I don't know enough about the implementation to know for sure.
Wonder if Apple could make it so that some Apps can be locked down and can't be upgraded or tampered unless you unlock them. Very few apps need this, but passwords lockers probably do.
Accessing emails that are in the Apple Email sandbox, I don't think it is possible. They could if you have a non Apple app for your emails, like Gmail.
----------
Yup, a few people confirmed it. Basically just one pop up to install or not install and potentially one when running the app for the first time to trust the developer or not. But rather transparent profile installation and it seems it can stay on even if the app is removed without user knowledge essentially since in iOS 8 there's no way to see those profiles on the device itself.
CDM, many people actually said they saw the profiles on their phone. Not sure it is an universal thing (maybe it happens in certain use cases), but several people on this thread have stated they saw the profiles.