This attack must be run locally. The attacker must already have user access. They can then escalate privileges using this. Meaning your box must already be compromised for this to work. Still serious, but no need to panic in most cases.
This is supposed to be a place for people to learn about self hosting, not for experts to joke about poor practices that real people actually have. Use /s for clarity.
Unless said software has any components that may be network-accessible in which case make sure the software is up to date (although you should also make sure you trust the source)
Do you have a source for how often it happens or is this conjecture? I guess this would most often happen through supply chain attacks or physical access, the first not being all that common in my understanding and the latter not being a typical threat model for a home computer. But if you have a source explaining what actually happens, I would love to read it.