For nearly a year, Chinese hackers have used a novel one-two punch to compromise iOS devices.