The exploit allowed anyone to reinitialize a multisig contract with themselves as an owner because the constructor was a public function. These contracts weren't "fixed" like they were supposed to be.
The white hats will deploy a new contract without the faulty constructor with the old owners reinstated. These newly deployed contracts will have all the same information the old ones did but won't be exploitable.
The white hats will deploy a new contract without the faulty constructor with the old owners reinstated. These newly deployed contracts will have all the same information the old ones did but won't be exploitable.