F-Secure notes that the vulnerability disguises itself as an Adobe Acrobat (PDF) file in an effort to trick users into opening it, which, of course, triggers its payload. It even opens a bogus Chinese-language PDF in order to deceive the user and avoid detection. The payload, Backdoor:OSX/Imuler.A according to F-Secure, then runs in the background.
The good news, I suppose, is that Revir.A is fairly innocuous at this point. The payload is a bare Apache installation that is "not capable of communicating with the backdoor yet." The going theory is that the author may have leaked it to see if any of the antivirus detectors picked it up. Luckily, someone did.
It's important for Apple to act swiftly on this one. From the looks of things, Revir.A probably wouldn't be too hard to weaponize, and we're not sure how many people might already have the source code.