Trend Micro, a security company, recently published details of a serious flaw in iOS 11 involving a malicious profile that can harm your phone and render it temporarily inoperable.
The latest Safari on iOS will automatically download a profile if it accepts a server response from a website.
The images above show how the profile is a blob object and how Safari receives it.
An iOS Configuration Profile has many uses, such as enabling "developers to streamline the settings of a huge number of devices, including email and exchange, network, and certificates". A malicious profile can abuse this to wreak havoc on your device by creating unsigned instances of itself and preventing deletion.
The profile creates the same icon over and over again, filling all the pages up on the phone with useless icons that crash the SpringBoard if clicked.
In order to remove it from your device, you must use Apple’s Configurator tool to manage the installed profiles. It only works on Mac and can fail if the profile was not installed correctly.
A video of this malware in a more weaponized version can be seen here: https://www.youtube.com/watch?v=R7t2YOpiZGI&t=312s
As you can see, you shouldn't install profiles from unknown sources, as they are capable of messing with the settings and taking advantage of loopholes such as this. Another good practice would be updating your phone to the latest version, but that can also be bad, as seen with this new iOS 11 malware.
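One way to inspect a downloaded `.mobileconfig` file before installing it, as an added example that is not code from Trend Micro or from this post. It assumes the repeated home-screen icons are delivered as Web Clip payloads (`com.apple.webClip.managed`), which the post does not state; the function names, the repeat threshold and the sample profile are constructed for illustration.

```python
import plistlib
from collections import Counter

WEBCLIP = "com.apple.webClip.managed"  # Apple's Web Clip payload type (assumed delivery method)

def audit_profile(data: bytes, repeat_threshold: int = 3) -> list[str]:
    """Return warnings for the raw bytes of a .mobileconfig file."""
    head = data[:8]
    # Signed profiles are DER-encoded CMS and start with 0x30; a file that
    # begins as a plain XML or binary plist carries no signature at all.
    if head.startswith(b"\x30"):
        return ["signed CMS container: verify the signer, then audit the inner plist"]
    if not head.startswith((b"<?xml", b"<!DOCTYP", b"<plist", b"bplist")):
        return ["not a recognisable configuration profile"]
    findings = ["unsigned profile"]
    try:
        profile = plistlib.loads(data)
    except Exception:
        return findings + ["malformed plist"]
    if not isinstance(profile, dict):
        return findings + ["top-level object is not a dictionary"]
    # Profile-level flag that blocks removal of the profile.
    if profile.get("PayloadRemovalDisallowed") is True:
        findings.append("profile sets PayloadRemovalDisallowed")
    payloads = profile.get("PayloadContent") or []
    clips = [p for p in payloads
             if isinstance(p, dict) and p.get("PayloadType") == WEBCLIP]
    # Web clips the user cannot delete from the home screen.
    locked = [c for c in clips if c.get("IsRemovable") is False]
    if locked:
        findings.append(f"{len(locked)} web clip(s) marked non-removable")
    # The same icon stamped out many times is the flooding pattern described above.
    for label, count in Counter(c.get("Label") for c in clips).items():
        if count >= repeat_threshold:
            findings.append(f"web clip label {label!r} repeated {count} times")
    return findings

def sample_profile() -> bytes:
    """Constructed sample for the demo; not a real-world artifact."""
    clip = {"PayloadType": WEBCLIP, "Label": "demo",
            "URL": "https://example.invalid/", "IsRemovable": False}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "invalid.example.demo",
                           "PayloadRemovalDisallowed": True,
                           "PayloadContent": [dict(clip) for _ in range(4)]})

if __name__ == "__main__":
    for warning in audit_profile(sample_profile()):
        print("WARNING:", warning)
```
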