The article says that the Chinese team said it was on Big Sur, and that the Google team then discovered it was also on Catalina. It doesn't say that Apple didn't patch it on Catalina, or that they patched it "months later".
I would recommend against using vice.com as any kind of authoritative source. On anything.
Looks like you're correct in this instance, thanks! But my general point is still true: Apple routinely skips patches on older versions. I'm aware of a fair bit of proprietary evidence for this.
CVE-2021-30869 was patched in Big Sur on September 23, 2021
https://support.apple.com/en-us/HT212147
and was patched in Catalina on...September 23, 2021
https://support.apple.com/en-us/HT212825
The article says that the Chinese team said it was on Big Sur, and that the Google team then discovered it was also on Catalina. It doesn't say that Apple didn't patch it on Catalina, or that they patched it "months later".
I would recommend against using vice.com as any kind of authoritative source. On anything.