That has been pretty quiet.
How does that get fixed?
The only that they could do it is to have an outside code audit running 24/7. They'd need to find exploits before the bad guys and issue patches immediately.
OTOH, they may just stick their head in the sand.