This scenario assumes that the singular owning entity has the ability to write the patch and cares enough to do so, and that the system can be patched. If that company has enough engineers on staff to write patches, and if there is an update system to quickly push the new software out to every user, then patching can be a very effective security technique. If one of those two things doesn’t exist, then it isn’t. (Remember that there are many IoT devices whose code is in firmware and can’t be patched.)
