macOS flaw allowed attackers to install persistent, undetectable malware