“At Evernote, we have not found any evidence that the vulnerability reported by Guardio has been exploited and Guardio does not believe that anyone took advantage of the bug,” an Evernote spokesperson told Threatpost. Evernote users are urged to update to version 7.11.1 or later. Researchers disclosed the flaw to Evernote on May 27 a fix was confirmed on June 4. “In their Proof-of-Concept (PoC), Guardio has demonstrated access to Social media (reading and posting content), Financial transaction history, private shopping lists, and more.” “Upon successful exploitation, a visit to a hacker-controlled website would compromise the visitor’s private data from affected 3rd-party websites,” researchers with Gaurdio, who discovered the flaw, said in an analysis this week. ![]() ![]() The Evernote extension is extremely popular, putting the personal data of than 4.6 million users at risk, researchers said. Specifically impacted was the Evernote Web Clipper extension for the Chrome browser, which lets users capture full-page article, images, selected text, emails and more. A critical flaw in the popular note-taking Evernote extension could have allowed attackers to steal personal data – including emails and financial transactions – of millions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |