Evernote Security - OS X, iOS New Vulnerability


Hello,

 

Excuse me if this has been addressed in another topic!

 

Yesterday, I read about serious-sounding iOS and OS X vulnerabilities that allow attackers to gain access to the resources of one application from another. These vulnerabilities may also allow keychains to be cracked and the resulting services/applications accessed.

 

My questions for the Community and for the Evernote team are:

 

- Do you believe Evernote is vulnerable when devices are compromised, as suggested by the articles below?

- Does Evernote plan to release an Evernote update specifically to address these vulnerabilities? 

- Are you currently aware of malware making use of these new vulnerabilities?

 

Thank you for any input you can provide!

 

Regards,

Sam

 

References:

http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/

http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/


The researchers specifically mentioned Evernote as vulnerable. I think we have to assume it is.

https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view

The fix, as far as I can tell, needs to come from Apple. Perhaps it will become available in El Capitan. In the meantime, I'd avoid downloading and installing malicious apps :)


Thanks for sharing the actual source article that discovered this issue.

 

Here's a key section of the abstract that mentions Evernote:

 

Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed.