It is somewhat costly to exploit, but the fix is replacing one part with a drop in replacement. And this attack has existed since ~2005. Not informing users about this in general is pretty irresponsible.