Nope. Lots of companies regularly patch proprietary software without access to their source code, their permission or giving them money, and then sell the resulting product for money, and it's all perfectly legal.
The simple reason is it doesn't infringe copyright. The patch does not contain the code of the underlying software (it can't - they don't have it), and they are not selling the underlying code, merely altering the user's machine so that the program runs faster or more securely.
You don't need source code to legally find bugs, and you don't need code to legally fix bugs either.
But you don't need to have the code of the underlying software for it to be considered a derivative work. Consider the fact that the sole purpose of a patch is to modify the behavior of a program you don't own the copyright for, and that the patch could not exist without the original program. I would argue makes the patch a derivative work.
The test for derivation in software seems far more broad then what I just stated - simply linking in a library into your program makes your program a derivative work of the library. The GPL for instance exploits this interpretation of copyright law, and has won virtually all legal challenges. A patch that outright modifies behavior seems even more derivative.