Neat writeup on some 'new' iOS malware by @lorenzofb: https://motherboard.vice.com/en_us/article/mby7kq/malware-to-spy-hack-iphones … 

Abuses MDM, which requires a signification level of user-interaction (or physical access) - but no exploits per se.
...would love to see @kaspersky's technical writeup on this! 
Will Dormann Retweeted Will Dormann
"You'd need to social engineer them in some way to installing the profile." True, it's not terribly slick or clever. But it doesn't matter. In an ideal world, Office Macros wouldn't be a problem since they require user interaction / social engineering.https://twitter.com/wdormann/status/941774539876454400 …
Will Dormann added,
Will Dormann @wdormann
This modal dialog, which any website on the internet can trigger, begins iOS down the path of installing an Enterprise configuration profile, which can configure nearly any aspect of a device.
Such a profile may only be removable with a factory device reset.
This is fine? pic.twitter.com/D9rgkhaazT
11:10 AM - 27 Nov 2018
0 replies
0 retweets
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.