The Chinese have recently been using the Enterprise distribution method to let users install a package that isn't reviewed by Apple, without even exploiting anything. It is just a loophole in this distribution mechanism and can only be fixed with a change of the rule. This method can also be used in a malicious way to distribute software that may require a jailbreak but doesn't actually need custom libraries, and it can be written as malicious software. For example, they can make a browser which logs everything you type and sends it to their server, or just diverts you to a VPN, just like the above case.
But just because of how pricey the enterprise plan is, it is not really possible to have attackers except a big group of them,