My understading is that the hackers had a copy of the source code for their app so they had to patch all their outstanding CVE that they where sitting on so the DOJ let them hold back until that was ready. It's not ideal but I suppose there is at least something people can do right now. Feels like they could have been a bit quicker with some of the information though.