There are a lot of people looking for security exposures in the operating system and applications and exposures are found all the time. By the time a patch is made available, I would expect that the exposure has been known for a while and there may be malware exploiting it already. The antivirus company may have been the one to notify the company of the exposure. When a patch is released, there may very well be an uptick in the attacks exploiting the exposure. While there probably are some people looking at the code as the article suggested, I personally think it's equally likely that the details of the exploit may have just been made available. It's not uncommon for "white hat" hackers to notify the company of exposures they discover and hold off publication of the details to give them a chance to patch it. When the patch is released, they publish the details and others can take advantage of it. Some have even released the details early in order to goad the company into making the patch sooner.
The lesson to take away is that exposures will be found and exploited and you need to apply the security patches to close the holes. You also need a good antimalware program, preferably with some kind of heuristic analysis capability to head off the so-called zero-day attacks.