It sounds to me like you're arguing that full disclosure in this situation could lead to a worse outcome for users in the short term, but the negative publicity will force Apple to improve their security posture, leading to a better outcome for users in the long term. (Please let me know if I'm mischaracterizing your argument.)

I think you have to be very careful about that line of argument. It's a single vulnerability researcher making a unilateral decision about the short-term and long-term security of an entire user base, based entirely on personal judgement. I personally think the researcher should make the decision that best protects users from that specific vulnerability. Making long-term changes to a company's QA should come second.



> I personally think the researcher should make the decision that best protects users from that specific vulnerability.

I find it odd that you're putting the responsibility of making decisions about how to protect Apple's users on an unaffiliated third party.

Apple has a multi-hundred-billion dollar war chest and, if they wanted to, could afford to make macOS the most secure operating system on the market. The fact that they don't is their own choice and a reflection of their priorities, not some act of God or a natural disaster. Putting the onus for cleaning up the mess in the most "responsible" way possible on third parties with a fraction of Apple's resources is being too kind to Apple.


My point was exactly the opposite of putting the onus on the researcher. I support responsible disclosure. In responsible disclosure, the researcher informs the vendor (Apple) and leaves it to them to coordinate informing people of mitigations and pushing out a patch. If the vendor fails to respond or make progress in a certain period of time, the researcher can inform the public. It specifically puts the responsibility for dealing with the vulnerability in the hands of the vendor.