Serious XSS flaw discovered in Evernote for Windows, update now!

Online note-sharing company Evernote has patched a hole that allowed attackers to infect notes shared via its service. The vulnerability (CVE-2018-18524) could have allowed an attacker to run programs remotely on a victim’s computer simply by sharing a note with them and persuading them to view it. Evernote has patched the vulnerability in Evernote for Windows 6.16.1 beta.

The vulnerability, discovered by TongQing Zhu, a researcher at Chinese cybersecurity company Knownsec, was a form of cross-site scripting (XSS) attack. XSS attacks allow attackers to inject malicious code into websites.

Read more about the critical Evernote flaw for Windows on Naked Security.




