So how can one protect themselves from this type of attack, or does responsibility lie on the vendors to keep up with security updates?