The update for the flaw (CVE-2023-37450) is available for iOS 16.5.1, macOS Ventura 13.4.1 and iPadOS 16.5.1.
Researchers point to an “aggressive and skilled actor” with suspected links to China as the group behind the attacks on a recently disclosed Barracuda ESG zero day.
The type confusion bug is the third zero day that Google has addressed this year.
Threat actors continue to target the critical-severity file transfer bug to launch data exfiltration attacks, and researchers say organizations should potentially expect ransom emails in the coming weeks.
A critical zero day flaw in all version of MOVEit Transfer is under active attack by multiple threat actors.