Evernote Fixes Remote Code Execution Vulnerability in macOS App


Evernote has fixed a local file path traversal vulnerability that allows attackers to run arbitrary code remotely on their targets’ Macs, following a report from security researcher Dhiraj Mishra.

The security issue, tracked as CVE-2019-10038, was found by Mishra in Evernote 7.9 for macOS and is now patched in the 7.10 Beta 1 version. As detailed in a post on the company’s forum, the fix is also available in the newly released stable 7.9.1 version.

As the researcher explained, the software flaw can be exploited to run arbitrary code remotely: “Since Evernote also has a feature of sharing notes, in such a case an attacker could leverage this vulnerability and send crafted notes (.enex) to the victim to perform


Read full article » https://www.bleepingcomputer.com/news/security/evernote-fixes-remote-code-execution-vulnerability-in-macos-app/
