The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.