Evernote создает продукты, благодаря которым миллионы людей по всему миру успешно реализуют важные для них проекты. Конфиденциальность и безопасность вашей работы — одна из наших главных задач. Мы регулярно тестируем наши продукты на предмет надежной защиты данных и своевременно устраняем ошибки, которые могут сделать уязвимыми наши приложения.
На этой странице вы можете посмотреть список последних ошибок, связанных с безопасностью сервиса, которые мы устранили. Мы будем обновлять эту страницу каждый раз, когда выходит обновление наших приложений. (Обратите внимание: подобные отчеты существуют с 1 марта 2015 года, обновления, выпущенные до этой даты, не будут появляться на этой странице).
Хотите быть в курсе актуальной информации об исправлении ошибок в области безопасности сервиса? Теперь такие данные будут появляться на этой странице и в заметках к выпускам наших приложений.
Evernote для Mac
| Ticket Id |
Description |
Fixed Release |
| MACOSNOTE-28956 |
Added com.apple.quarantine attribute to attachment files to prevent potential one click execution. |
Evernote for Mac 7.13 GA |
| MACOSNOTE-28914 |
Fixed a potential dylib hijacking issue. |
Evernote for Mac 7.12 GA |
| MACOSNOTE-28840 |
Fixed a regression and added the prompt before opening any file:// URIs. |
Evernote for Mac 7.10 Beta 1 and 7.9.1 GA |
| MACOSNOTE-28634 |
Fixed a local file path traversal issue on attachment previewing. |
Evernote for Mac 7.6 |
| MACOSNOTE-12400 |
Added a prompt before opening any file:// URIs. |
Evernote for Mac 6.6 |
| MACOSNOTE-18729 |
Improved NSConnection usage with NSProtocolChecker to protect the cross application IPC channel. |
Evernote for Mac 6.3 |
Evernote для Windows
| Ticket Id |
Description |
Fixed Release |
| WINNOTE-20063 |
Fixed a stored cross site scripting (XSS) vulnerability in modified external web links. |
Evernote for Windows 6.19 GA |
| WINNOTE-19941 |
Fixed a vulnerability in the protocol handler, specifically Evernote client installed on Windows 10, 7 or 2008 can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. |
Evernote for Windows 6.18 beta 2 and 6.17.7 GA |
| WINNOTE-19568, WINNOTE-19620 |
Fixed a stored cross site scripting (XSS) issue in rendering attachment filenames. |
Evernote for Windows 6.16 beta 1 and 6.16 GA |
| WINNOTE-19377 |
Improved security by always generating HTTPS URLs to Evernote services. |
Evernote for Windows 6.15 beta 1 and 6.15 GA |
| WINNOTE-19299 |
Fixed an issue in versions 6.4 - 6.7 where the app would send authentication tokens over HTTP when contacting certain portions of the Evernote Service. The vulnerability did not affect note content, usernames, or passwords and those continued to be securely encrypted in transit. |
Evernote for Windows versions 6.7.6 (Hotfix) and 6.8.6 (First GA release) |
| WINNOTE-15870 |
Fixed a potential stored cross site scripting (XSS) issue on Google Drive integration. |
Evernote for Windows 6.4 |
| WINNOTE-15637, WINNOTE-8970 |
Fixed DLL hijacking/preloading vulnerabilities on installer and other binaries. |
Evernote for Windows 6.3 |
| WINNOTE-14610 |
Delete the local data in the original folder when the local folder configuration is changed. |
Evernote for Windows 6.1.2 |
| WINNOTE-13340, WINNOTE-13475, WINNOTE-13472 |
Fixed several stored XSS (cross-site scripting) issues in activity view and other web views. |
Evernote for Windows 5.9.5 |
| WINNOTE-8997 |
Added a warning to users before opening local files. |
Evernote for Windows 5.8.11 |
| CE-735 |
Fixed a stored XSS (cross-site scripting) issue in Related Context by properly rendering the context note snippet. |
Evernote for Windows 5.8.4 |
Evernote для iOS
| Ticket Id |
Description |
Fixed Release |
| IOSNOTE-27747 |
Fixed an issue that saved screenshot might show up prior to PIN lock screen for a short time period. |
Evernote for iOS 8.16 |
| IOSNOTE-28074 |
Fixed a PIN lock bypass issue. |
Evernote for iOS 8.2 |
| IOSNOTE-22342 |
Updated the keychain items accessibility attribute in iTunes/iCloud backups. |
Evernote for iOS 7.14 |
| IOSNOTE-19688, CP-3280 |
Fixed the WebViews that disables same-origin policy using file:// URLs. |
Evernote for iOS 7.7.7 |
| IOSNOTE-19338 |
Upgraded vulnerable SDWebImage library to 3.7.2. |
Evernote for iOS 7.7.2 |
Evernote для Android
| Ticket Id |
Description |
Fixed Release |
| DRDNOTE-30711 |
Fixed an issue where certain third party content providers were identified by their package names rather than package signatures. |
Evernote for Android 8.12.2 |
| DRDNOTE-31085 |
Fixed an issue where the Widget4x1SettingsActivity/Widget4x2SettingsActivity activities may be exploited through a malicious Intent. |
Evernote for Android 8.12.2 |
| DRDNOTE-31086 |
Fixed an issue where the NewPhoneMainActivity activity may be exploited through a malicious Intent. |
Evernote for Android 8.12.2 |
| DRDNOTE-31087 |
Fixed an issue where the ContractNoUiActivity activity may be exploited through a malicious Intent. |
Evernote for Android 8.12.2 |
| DRDNOTE-31088 |
Fixed an issue where the URIBrokerActivity activity may be exploited through a malicious Intent. |
Evernote for Android 8.12.2 |
| DRDNOTE-31089 |
Fixed an issue where the AuthorizeThirdPartyAppActivity activity may be exploited through malicious Intent. |
Evernote for Android 8.12.2 |
| DRDNOTE-31090 |
Fixed an issue where the ClipActivity activity may be exploited through malicious Intent. |
Evernote for Android 8.12.2 |
| DRDNOTE-31033 |
Fixed an issue in an exported Activity that might be exploited through malicious Intent. |
Evernote for Android 8.12 |
| DRDNOTE-30932 |
Fixed a PIN lock bypass issue in Android's Google Search integration. |
Evernote for Android 8.11 |
| DRDNOTE-30589, DRDNOTE-30753 |
Fixed a PIN lock bypass issue. |
Evernote for Android 8.9 |
| DRDNOTE-24142 |
Fixed a PIN lock bruteforcing issue. |
Evernote for Android 7.9.9 |
| DRDNOTE-23054 |
Fixed a potential stored cross site scripting (XSS) issue on Google Drive integration. |
Evernote for Android 7.9.5 |
| DRDNOTE-20794, DRDNOTE-22660 |
Fixed a PIN lock bypass issue. |
Evernote for Android 7.9.4 |
| DRDNOTE-20842 |
Fixed an issue that some WebView could ignore SSL certificate errors in debug/internal builds. |
Evernote for Android 7.6 |
| DRDNOTE-9500, DRDNOTE-11183 |
Move notes stored in SD card to internal memory. |
Evernote for Android 7.0.7 |
Evernote для BlackBerry
| Ticket Id |
Description |
Fixed Release |
| EFB-1836 |
Fixed an issue that PIN lock can be bypassed. |
Evernote for BlackBerry 5.6.2 |
Evernote Web Clipper 7
| Ticket Id |
Description |
Affected Browsers |
Fixed Release |
| CLIPPER-4170 |
Fixed a security issue reported by Google. |
Chrome
MS Edge
Firefox
Safari |
Evernote Web Clipper 7.30.2 |
| CLIPPER-3073 |
Fixed several issues by validating events, adding clickjacking protection and etc. |
Chrome |
Evernote Web Clipper 7.12.2.1 |
| CLIPPER-2582 |
Fixed an issue that could cause browser's same origin policy to be bypassed. |
Chrome |
Evernote Web Clipper 7.11.1 |
| CLIPPER-1371 |
Fixed an issue regarding automated notebook suggestions. |
Chrome |
Evernote Web Clipper 7.2.1 |
Evernote Web Clipper 6 для Chrome
| Ticket Id |
Description |
Fixed Release |
| CC-3860 |
Fixed a potential cross site scripting (XSS) issue. |
Web Clipper 6 for Chrome 6.13.2 |
| CC-2561 |
Fixed a potential cross site scripting (XSS) issue while clipping from a malicious site. |
Web Clipper 6 for Chrome 6.9.2 |
| CC-1729 |
Fixed a potential HTML injection issue through the extension's login page. |
Web Clipper 6 for Chrome 6.7 |
| CC-1693 |
Fixed a potential stored cross site scripting (XSS) issue in releated search results. |
Web Clipper 6 for Chrome 6.6 |
Evernote Web Clipper 6 для Safari
| Ticket Id |
Description |
Fixed Release |
| CC-3860 |
Fixed a potential cross site scripting (XSS) issue. |
Web Clipper 6 for Safari 6.13.2 |
| SAFARICLIP-992 |
Fixed a potential stored cross site scripting (XSS) issue in releated search results. |
Web Clipper 6 for Safari 6.7 |
Penultimate для iOS
| Ticket Id |
Description |
Fixed Release |
| IOSPENULT-4056 |
Updated adonit SDK to fetch all web content through HTTPS. |
Penultimate for iPad 6.2 |
Evernote Food для iOS
| Ticket Id |
Description |
Fixed Release |
| IOSFOOD-4320 |
Upgraded vulnerable SDWebImage library to 3.7.2. |
Evernote Food for iOS 2.5.1 |
| |
We have ended support for this product and will not be providing any future security updates. |
September 30, 2015 |
Skitch для iOS
| Ticket Id |
Description |
Fixed Release |
| |
We have ended support for this product and will not be providing any future security updates. |
January 22, 2016 |
Skitch для Android
| Ticket Id |
Description |
Fixed Release |
| |
We have ended support for this product and will not be providing any future security updates. |
January 22, 2016 |
Skitch для Windows Touch
| Ticket Id |
Description |
Fixed Release |
| |
We have ended support for this product and will not be providing any future security updates. |
January 22, 2016 |
Skitch для Windows
| Ticket Id |
Description |
Fixed Release |
| |
We have ended support for this product and will not be providing any future security updates. |
January 22, 2016 |
Evernote Clearly
| Ticket Id |
Description |
Fixed Release |
| |
We have ended support for this product and will not be providing any future security updates. |
January 22, 2016 |
Evernote для Pebble
| Ticket Id |
Description |
Fixed Release |
| |
We have ended support for this product and will not be providing any future security updates. |
January 22, 2016 |
