There's a difference between merely malicious ads ("Click here for free stuff!"->takes you to a site that exploits your browser) and ads that actively exploit the browser. Any ad network can fall victim to malicious ads but only ad networks that allow embedded scripts can be abused to actively exploit browsers.

The solution is dead simple: Don't allow embedded scripts in ads. Period. End of story. Problem no longer a problem. "We're all done here."