Evernote fixes macOS app bug that allowed remote code execution
Evernotehas fixed a vulnerability that could have allowed an attacker to run malicious code on a victim’s computer.
Dhiraj Mishra, a security researcher based in Dubai, reported the bug to Evernote on March 17. In a blog post showing his proof-of-concept, Mishra showed TechCrunch that a user only had to click a link masked as a web address, which would open a locally stored app or file unhindered and without warning.
Evernote spokesperson Shelby Busen confirmed the bug had been fixed
Read more »