The linked Thunderbolt security report details 7 specific vulnerability scenarios. I can only imagine that Apple has long been aware of these and will address them.
One in particular I found interesting is the weakness on Macs that run Boot Camp:
Apple supports running Windows on Mac systems using the Boot Camp utility. Aside from Windows, this utility may also be used to install Linux. When running either operating system, Mac UEFI disables all Thunderbolt security by employing the Security Level “None” (SL0). As such, this vulnerability subjects the Mac system to trivial Thunderbolt-based DMA attacks.
The way I read it, the vulnerabilities occur when a device is allowed to update its firmware. A Mac running Boot Camp disables Thunderbolt security and opens the door for attack. Here’s detail on the DMA attack.
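A defender-side check for the SL0 condition the quoted report describes, as an added example that is not part of the original post or the report: on Linux, the kernel's Thunderbolt driver exposes each domain's security level and IOMMU DMA protection flag in sysfs. The function names and verdict labels are invented for this example; it covers Linux only, not Windows.

```shell
#!/bin/sh
# Added example: audit Thunderbolt security levels on a Linux host.
# Reads the sysfs attributes "security" and "iommu_dma_protection"
# that the kernel thunderbolt driver publishes per domain.

# tb_classify LEVEL IOMMU -> prints a verdict label (labels are this example's own)
tb_classify() {
    case "$1" in
        none)
            # SL0: devices are connected without user approval.
            if [ "$2" = "1" ]; then
                echo "SL0_IOMMU"        # only the IOMMU restricts device DMA
            else
                echo "SL0_NO_IOMMU"     # nothing restricts device DMA
            fi ;;
        user|secure) echo "APPROVAL_REQUIRED" ;;
        dponly|usbonly|nopcie) echo "NO_PCIE_TUNNEL" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# tb_audit [ROOT] -> one line per domain; returns 1 if any domain is SL0 without IOMMU.
# ROOT defaults to the real sysfs path; pass another directory to test offline.
tb_audit() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    rc=0
    found=0
    for d in "$root"/domain*; do
        [ -r "$d/security" ] || continue
        found=1
        level=$(cat "$d/security")
        iommu=""
        # Older kernels do not provide this attribute; report it as n/a.
        if [ -r "$d/iommu_dma_protection" ]; then
            iommu=$(cat "$d/iommu_dma_protection")
        fi
        verdict=$(tb_classify "$level" "$iommu")
        echo "${d##*/} security=$level iommu_dma_protection=${iommu:-n/a} $verdict"
        if [ "$verdict" = "SL0_NO_IOMMU" ]; then rc=1; fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no Thunderbolt domains found under $root"
    fi
    return "$rc"
}
```

Source the file and call `tb_audit` with no arguments to check the running system; a non-zero return means at least one domain reports `none` with no IOMMU DMA protection.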