problem is ninty have no idea what is to patch..
That isn't necessarily a problem.
They know an issue exists and they have a financial incentive to fix it. So they could hire more people to do security audits of the code and up the bounty for disclosure.
Exploits are often released because they have been fixed, so it seems to happen.