Jump to content

Everynote Security - OS X, iOS New Vulnerability


Recommended Posts

Posted

Hello,

 

Excuse me if this has been addressed in another topic!

 

Yesterday, I read about serious-sounding iOS and OS X vulnerabilities that allow attackers to gain access to the resources of one application from another. These vulnerabilities may also allow keychains to be cracked and the resulting services/applications accessed.

 

My questions for the Community and for the Evernote team are:

 

- Do you believe Evernote is vulnerable when devices are compromised, as suggested by the articles below?

- Does Evernote plan to release an Evernote update specifically to address these vulnerabilities? 

- Are you currently aware of malware making use of these new vulnerabilities?

 

Thank you for any input you can provide!

 

Regards,

Sam

 

References:

http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/

http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/

  • Level 5*
Posted

the researchers specifically mentioned evernote as vulnerable. i think we have to assume it is.

https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view

 

Thanks for sharing the actual source article that discovered this issue.

 

Here's a key section of the abstract that mentions Evernote:

 

Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory

 to the sandboxed malware that hijacks its Apple Bundle ID.
 
As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...