Here we are at the week before the last Patch Tuesday of the year and it has been far from dull. With security releases from Adobe, Apple, and Google, you might want to consider a patching cycle this weekend. Don’t forget to register for our December Patch Tuesday webinar next week to get the latest information on Microsoft’s monthly release.

In the news, The Hacker News covered a fascinating story this week about a new ransomware spreading rapidly in China. While this ransomware does not appear to be spreading outside of China, the source of the infection is alarming. The attackers added malicious code into programming software titled “EasyLanguage” that allowed the ransomware to spread rapidly. Because the application developers were delivering the payload under their respective signatures, the malware has flown easily under the radar of most antivirus programs. Although the ransomware was easily bypassed and the culprit was arrested this week, it’s a great example of how supply-chain attacks can be so effective.

Security Releases

For the second time this month, Adobe released another zero-day Flash update. This bulletin, titled APSB18-42, remediated two CVEs, with CVE-2018-15982 as the Critical CVE. Researchers discovered this vulnerability last week in Microsoft Word documents, where a crafted Word document contained an embedded Flash control that executes malicious code when rendered. Microsoft also released its version of Flash under KB4471311 that applies to all Windows versions after Windows 7.

Following a recent pattern before the week of Patch Tuesday, Google released a large security update for its web browser. Chrome 71.0.3578.80 was released with a total of 43 security fixes and 27 unique CVEs. This major release also contains an anticipated feature that will help users avoid abusive sites that use malicious forms to steal users’ data and money.

Lastly, Apple joins the pack with updates for iTunes and iCloud for Windows alongside releases for macOS, tvOS, and iOS. iTunes 12.9.2 and iCloud 7.9 remediate seven CVEs shared with Safari and WebKit.

Third-Party Updates

Of course, other vendors have been releasing updates for their respective software in this short week. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:

| Software Title | Ivanti ID | Ivanti KB |
| --- | --- | --- |
| AIMP 4.51.0.2084 | AIMP-014 | QAIMP4512084 |
| Bandicut 3.1.4.480 | BANDICUT-010 | QBCUT314480 |
| GoodSync 10.9.19 | GOODSYNC-104 | QGS109195 |
| Node.JS 10.14.1 (LTS Upper) | NOJSLU-002 | QNODEJSLU10141 |
| Node.JS 6.15.1 (Maintain) | NOJSM-001 | QNODEJSM6151 |
| Opera 57.0.3098.91 | OPERA-193 | QOP570309891 |
| Plex Media Player 2.23.0 | PLXP-025 | QPLXP2230 |
| Thunderbird 60.3.3 | TB18-6033 | QTB6033 |
| Cisco WebEx Meeting Center 32.15.32.8 | WMC-013 | QWMC3215328 |