We (the public) have known about FORCEDENTRY for 6 months. That time was spent analyzing and understanding the exploit. It does seem like a long time for such a public zero-click affecting 100s of millions of users.