Join Thousands Who Have Benefitted from the Virtual Event of the Year - WATCH NOW Boo! Google Chrome Zero-Day! Scared you, didn’t I? Unfortunately, this is not just a ghost story with a confirmed exploit in the wild for everyone’s favorite web browser.

In the news, Microsoft has acknowledged a new known issue from October Patch Tuesday where TLS and SSL connections will intermittently fail. Under Microsoft’s support article, the fix for CVE-2019-1318 may result in connections erroring out with 0x8009030f. Fortunately, multiple workarounds are now provided to those that are experiencing this issue. All Security-Only and Monthly Rollup patches released on Patch Tuesday are affected by this, so make sure to keep an eye out for this new issue in your environments.

Security Releases

Chrome is back for an encore this month with its second zero-day for the year. With an appropriate late release on Halloween, version 78.0.3904.87 includes two security fixes with CVE-2019-13720 taking the spotlight. Details on this use-after-free vulnerability are scarce at the time of writing other than Google’s acknowledgement of an exploit in the wild. In early March this year, a different use-after-free vulnerability under CVE-2019-5786 was exploited in the wild in conjunction with CVE-2019-0808, a Windows vulnerability.

Apple released iTunes 12.10.2 and iCloud 7.15 this week covering a total of 16 vulnerabilities. CVE-2019-8801 stands out from the group and is unique to iTunes where the installer could be used to execute an untrusted DLL under the signed installer process. The bulk of the other vulnerabilities are shared with Apple’s Safari browser on macOS to protect the application from exploitation if used to browse web content.

Third-Party Updates

Here are the other updates we released in our content this week. These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes:

Software Title

Ivanti ID

Ivanti KB

Adobe Acrobat DC and Reader DC 15.006.30505

ARDC19-012

QADC1500630505

Adobe Acrobat DC and Reader DC 17.011.30152

ARDC19-013

QADC1701130152

DropBox 84.4.170

DROPBOX-124

QDROPBOX844170

GIMP 2.10.14

GIMP-019

QGIMP21014

GoToMeeting 10.2.1

GOTOM-075

QGTM1021

LibreOffice 6.3.3.2

LIBRE-120

QLIBRE6332

Notepad++ 7.8.1

NPPP-095

QNPPP781

Opera 64.0.3417.83

OPERA-235

QOP640341783

Plex Media Server 1.18.1.1973

PLXS-049

QPLXS11811973

Slack Machine-Wide Installer 4.1.2

SMWI-037

QSLACK412

TortoiseSVN 1.13.0

TORT-035

QTORT1130

TreeSize Free 4.4.0.508

TSF-019

QTSF440508

Visual Studio 2019 version 16.3.7

MSNS19-1030-VS2019

QVS20191637