OTA update, and still vulnerable?

I received the OTA update to software version 4.28.502.2 yesterday and it installed with zero problems. (The hardest part was dealing with the slow transfer of files as I backed up my phone before installing said update.) My phone is completely stock (running Android 5.0.2), and no root. That being said, I checked tonight to see if I was still vulnerable... and apparently I still am. The impression I got yesterday (I received the notification that an update had been downloaded, but I looked it up before I applied it to see what it was about) was that the update was to fix the vulnerabilities of my phone. I have looked, and verified, on AT&T's webpage about the update that everything matches. Two separate apps, one by Zimperium, say that I'm still vulnerable. The Zimperium app says its due to CVE-2015-3864.

Trying to find information about CVE-2015-3864 has been a pain. All I've been able to locate is this:

Quote:

It is important to note all Common Vulnerabilities and Exposures (CVEs) were patched, and Google has assigned the Exodus discovery with CVE-2015-3864, so it is well aware of the problem.

(source)
and:

Quote:

"The issue is still exploitable, despite the patches currently being shipped to Android devices," Exodus Intelligence wrote in a blog post on Aug. 13. "As of this morning, Google has notified us they have allocated the CVE [Common Vulnerabilities and Exposures] identifier CVE-2015-3864 to our report."

(source)

Has anyone else downloaded the OTA update, and then checked to see if they are still vulnerable and found out they were?

Attached are screenshots of the results, and my phone's software (as well as other) information that matches up to what AT&T says it should be after the update.

Attached Thumbnails