Re: "an unidentified threat actor created a symlink that linked users to the root filesystem"
There was a vulnerability in the OS which was being exploited. Fortinet released a patch which fixed the vulnerability, but didn't clear up the back doors left by the threat actors and left the systems vulnerable. This new patch removes the symlink and prevents symlinks being used as a back door. In essence, the new patch removes the persistence of a previous hack on the system.