The tools are legit, and the bugs are real, but he has a distasteful habit of feeding sensationalist quotes to outlets like Forbes and Vice.
This time, he told Forbes that "the hacks effectively take Mac security back a decade" [1], and Vice quotes him as saying "this is likely the worst or potentially the most impactful bug to everyday macOS users in recent memory". [2]
Forbes ran the story with the headline "The ‘Worst Hack In Years’ Hits Apple Computers", and that's bullshit.
Thanks for the insight! Seems like quite a talented dude but with the mandatory eccentricity that seemingly often comes with . Great to know that the tools are legit.