Thank you for your quick response.
We did actually find this after I wrote the post, however (although not very clearly) I had noted that we'd rather not have to use the workaround and whether we could upgrade just the filter, however with it being core it's not just a drop-in plugin like others.
Going with the security advisory we are going to be implementing the workaround until such time we can do an upgrade to get us to at least the point upgrade where the 2.7.8 Mathjax is the default library used, however, being a University, we don't upgrade immediately as we have an agreed schedule for major tasks such as upgrades of the entire platform and plugins (unless an emergency upgrade to patch a significant element or security risk is required). Mathjax doesn't fall into this because the exploit is in the JS library and is easily configurable within Moodle. It was just the out-of-the-box default value we were keen on having - and it seems only a point upgrade will give us this.
Thank you, though