Not to mention that they allege this was the case six months ago. Curious--albeit not enough to RTFA--as to why they sat on such a golden nugget of PR for so long. My inner cynic is tempted to envision this:
Hrm... Okay, next security vulnerability. This one was submitted 2011/09/29.
(several minutes of analysis pass)
Hey! We fixed this one already. Hey boss! Come here! I GOT ONE!!!
"Gotcha, you snot-necked weenies!" -- Post Bros. Comics