Cult of Mac writes iOS ‘Masque Attack’ vulnerability could be more dangerous than WireLurker "To keep yourself protected from Masque Attack, iOS users should not install any apps unless they’re coming directly from the App Store. Do no click on ‘Install’ if a pop-up from a website appears on your iPhone, no matter what it says. And if you open an app and iOS displays an alert that it’s from an ‘Untrusted App Developer’ you should tap Don’t Trust and uninstall immediately."
So to be susceptible you have to install an app not from the app store. It's pretty easy to avoid that. Yes many naive users might be fooled (and many legitimate web sites pop open page or window asking if you want to install their app) but the App Store is so central to the iOS experience I think many people are scared if they aren't installing from the App Store.