I don't really understand the process by which private keys can be extracted from the Ledger device--do you have to be using Ledger Live for that to happen?
Their Recover feature has been put on hold for now, but I am pretty sure it would only work with Ledger Live if/once released. You would also need the latest firmware with the feature/vulnerability code present on your hardware wallet.
What if you have to update the Bitcoin app?
That should still work through the My Ledger/Ledger Manager tab irrespective of your firmware version. You might have to install the latest Ledger Live version, though.
Fortunately Ledger Live is open source and capable of being reviewed by peers. If some piece of code in previous releases of Ledger Live could have extracted seeds from the device, it'll be found sooner or later.
The magic is probably recorded in the code for the firmware, and as you know, it's closed-source. That's the part they have to open for the public. Anyways, it's too late now. If such an option was there in the past, they can just remove it, work around it, and open-source a slightly altered code.