So yes, I'm pretty sure that there are various teams, including white-hats such as Google, black-hats, nation-states such as China / Russia, analyzing each and every update.
There was also an interesting article on hackernews a while back demonstrating the technique, there are some nice tools for this. Sorry, can't find the link now.
There is also a black-market that can be even more lucrative. A bug could be jackpot for criminals.
See also https://en.m.wikipedia.org/wiki/Market_for_zero-day_exploits
So yes, I'm pretty sure that there are various teams, including white-hats such as Google, black-hats, nation-states such as China / Russia, analyzing each and every update.
There was also an interesting article on hackernews a while back demonstrating the technique, there are some nice tools for this. Sorry, can't find the link now.