samf111 0 Posted June 18, 2015

Hello,

Excuse me if this has been addressed in another topic!

Yesterday, I read about serious-sounding iOS and OS X vulnerabilities that allow attackers to gain access to the resources of one application from another. These vulnerabilities may also allow keychains to be cracked and the resulting services/applications accessed.

My questions for the Community and for the Evernote team are:

- Do you believe Evernote is vulnerable when devices are compromised, as suggested by the articles below?
- Does Evernote plan to release an Evernote update specifically to address these vulnerabilities?
- Are you currently aware of malware making use of these new vulnerabilities?

Thank you for any input you can provide!

Regards,
Sam

References:
- http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/
- http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/

Level 5* GrumpyMonkey 4,320 Posted June 18, 2015

The researchers specifically mentioned Evernote as vulnerable. I think we have to assume it is.

https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view

The fix, as far as I can tell, needs to come from Apple. Perhaps it will become available in El Capitan. In the meantime, I'd avoid downloading and installing malicious apps.

Level 5* JMichaelTX 4,119 Posted June 19, 2015

> The researchers specifically mentioned Evernote as vulnerable. I think we have to assume it is.
> https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view

Thanks for sharing the actual source article that discovered this issue.

Here's a key section of the abstract that mentions Evernote:

> Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app's private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed.

Archived
This topic is now archived and is closed to further replies.