I just responded to someone with Mac 11 (High Sierra is 10.13) so it may be that Apple has issued a fix
well now that it is public I assume they will get their finger out and fix it. it just takes me back that their customers have to point it out to them... sign of the times?
About the same as all the times Microsoft has had to issue security patches after someone tells them about a flaw that has been found
Modern programs and operating systems are SO complex that it really doesn't surprise me that a vendor, any vendor, sends a program out into the wild with a hidden flaw