Not entirely true. A Palo Alto company found some software that can can infect iPhones/iDevices without the device being jailbroken. The malware can change it's name and more to easily fool users.
The recommended steps to remove, if you think you are infected, are listed below, but this virus tends to be spread in China and Taiwan.
http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-a ttacks-non-jailbroken-ios-devices-by-abusing-private-apis/
"We recently identified a new Apple iOS malware and named it YiSpecter. YiSpecter is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. Specifically, it’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities."
"On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server. According to victims’ reports, all these behaviors have been exhibited in YiSpecter attacks in the past few months. Some other characteristics about this malware include:"
"The world where only jailbroken iOS devices were threatened by malware is a thing of the past. WireLurker proved that non-jailbroken iOS devices can also be infected through abuse of the enterprise distribution mechanism. YiSpecter further shows us that this technique is being used to infect many iOS devices in the wild."
"For iOS users that are potentially infected by YiSpecter, we suggest removing it with the following steps:
- In iOS, go to Settings -> General -> Profiles to remove all unknown or untrusted profiles;
- If there’s any installed apps named “情涩播放器”, “快播私密版” or “快播0”, delete them;
- Use any third-party iOS management tool (e.g., iFunBox, though note that Apple’s iTunes doesn’t work in this step) on Windows or Mac OS X, to connect with your iPhone or iPad;
- In the management tool, check all installed iOS apps; if there’re some apps have name like Phone, Weather, Game Center, Passbook, Notes, or Cydia, delete them. (Note that this step won’t affect original system apps but just delete faked malware.)
Our primary security suggestion to avoid being affected by this kind iOS malware was, is and remains this: never download iOS apps from any untrusted sources, and never trust unknown developers. You should always download iOS apps from the official App Store for personal use, or download your company or organization’s internal app under your IT department’s guidance. Consider that even apps from the App Store can also abuse private APIs for harmful operations, and that these security habits won’t prevent all similar attacks but should prevent most of them. We have also made suggestions to Apple for improving their code review procedures and urged them to improve iOS security mechanisms to defeat these potential security problems."