To install anything else, you have to give it explicit permission.
Depending on how you set Gatekeeper, it will either only allow apps from the Mac App Store to be installed without user intervention, or apps from the App Store along with those that have been code-signed by their developers. The vulnerability in question was in Gatekeeper, the tool that prevents unauthorised apps from being installed on your Mac. One recent example occurred in May 2019 when a researcher, having had no response after giving Apple 90 days to fix it, went public with details of a vulnerability he had discovered.