"We've done it," he said, "but now we have to make sure this vulnerability is patched before it can be exploited by others."