Home » News » Evernote released a patch for a gap that allowed intruders performing any code on macOS

Evernote released a patch for a gap that allowed intruders performing any code on macOS

Specialists in cybersecurity detected an error that allows hackers run malware code from Evernote.

A[,dropcap]s a result, intruders can use specially created URI in a note that would lead to the attack. Through file:/// link they offer user to open any malware file, for instance, “../../../../malware.app“.

Such vulnerabilities united under the term “path traversal”.

While Evernote provides technical opportunity to share notes, hackers can use this vulnerability and send malware notes in .enex format to supposed victims.

Vulnerability touched Apple laptops with macOS. Interestingly, on other platforms program does not endanger user’s confidentiality.

Recently issue traced with identification number CVE-2019-10038, and patch released for Evernote versions 7.10 Beta and 7.9.1. GA on macOS.

Correction is already working. Now it looks as a notification that arises with the attempt to open suspicious link. It is important to add that similar error found in Electronic Arts Origin service.

Source: www.inputzero.io

[Total: 1    Average: 5/5]
READ  Discovered complex backdoor that group of cybercriminals Turla uses since 2014

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

comodo ca

Great part of malware on VirusTotal had Comodo certificate

Comodo center of certification (known now as Sectigo) released the greatest number of certificates that …

WannaCry laptop

Infected by WannyCry and MyDoom laptop costs more than $1 million

Infected by six famous malware programs laptop played out on a public auction. Historically these …

Leave a Reply