Re: A simple temporary fix or am I missing something here?
Indeed .. however until a permanent fix becomes available a little whack-a-mole remediation might be advisable to those of us who have Mac users to protect.
The password file and master password file could be set to immutable without any issue as well as they are not modified in normal use (and only used in single user mode).
So I'm now running with ...
chflags -vv schg /private/etc/ /bin/ /sbin/ /usr/bin/ /usr/sbin/ /opt/X11/bin/ /usr/lib/
for the time being. (will need to undo [noschg] that before patching though)
FOOTNOTE: if you mention 'slash etc slash passwd' in a message the posting gets auto blocked 8-)