OK, it seems to ask me to authenticate to move a folder to certain directories in /Applications, apparently those created by installers running with admin privileges, but I am able to move a folder to a folder that I've moved to the /Applications directory under my regular user account with authentication without needing to re-authenticate. But since the majority of my apps are not in their own directories, I am still asked for admin privileges to modify them. I am aware that the admin account is not in the root wheel, but the /Applications directory is owned solely by the 'admin' account; just not necessarily all sub-directories apparently.
It does work for Firefox, which I don't use on my Mac, but not for Safari, which I do. It seems first party apps and ones installed with a proper installer are not susceptible to this vulnerability, so you would have to rely on the presence of third party apps that don't get installed with installers. I would guess Mac App Store apps are also protected, but I am unable to test that. You are right that there is a vulnerability, though it's extent is questionable.
