This was fixed in 7.0, released in 2015-08-11.

Sierra 10.12.3 appears to be running OpenSSH_7.3p1, LibreSSL 2.4.1

i.e. if you run latest macOS & wondering if this exploit affects you, you're all clear.

>> I guess its either PoC||GTFO for users to update.

Sad but true.

Are there any supported systems still shipping an affected version?