The question I have is what VW did after receiving the injunction? Did they work with their customers for the last two years to fix the vulnerability? Or was the injunction their solution by itself?

If it was the latter case, somebody should really serve them a class action suit. Security by gag is not helping the end customer.