That's terrible, but it's not the fault of the OS vendor; presumably such a malware could be distributed with any OS.

Ironically, it couldn't be with macOS, which this whole thread is about avoiding.

It certainly could if Apple wanted to do the same thing that Lenovo did.

Would MacOS actually have prevented it? Would Superfish just have simply signed the binary? Sure it wouldn't have started up when the Apple servers are down, but that's a very small percent of the time.