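Security Updates

Evernote is committed to improving productivity for hundreds of millions of users worldwide. Protecting the security and privacy of our users' data is our responsibility. We continuously test our products, improve their security, and fix known issues.

You can view the security issues we have recently fixed here. When a new release contains security-related updates, we publish them here. (Note: this page lists updates made after March 1, 2015; fixes for issues before that date will not be published.)

To keep up with the latest security patches, check this page or refer to our application release notes.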

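Security Overview Updates

Date: April 2017

Update: changes in the April 2017 version relative to the October 2014 version:

Because the Evernote service has migrated to Google Cloud Platform ("GCP"), we have updated our security information. The updates cover the network security, storage media handling and destruction, transport encryption, resiliency/availability, and physical security sections.

Our update to the account security section mainly reflects that both free and paid users can receive two-step verification codes via SMS.

The update to the email security section mainly adds the domains from which we send email to users.

We removed the user account access section; this content is better explained in our privacy policy.

We updated the content on storage media handling and destruction to reflect the secure erasure and destruction standards we use for all types of storage media (not just hard disk drives).

We updated the activity log section to reflect that we collect activity data from clients.

We added an encryption at rest section, which explains how we currently encrypt data in GCP.

The section on encrypting text inside notes was moved to the user security tips page and renamed "End-to-End Encryption", a name that better reflects its function. We also clarified some of the wording in that section.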

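Security Tips Updates

Date: April 2017

Update: changes in the April 2017 version relative to the October 2014 version:

The section on encrypting text inside notes was moved to the user security tips page and renamed "End-to-End Encryption", a name that better reflects its function. We also clarified some of the wording in that section.

We renamed the "Phishing" section to "How to Confirm an Email Is from Evernote" and updated the list of email domains from which we send email to users.

We updated "Malware Protection", mainly regarding the browser settings for Chrome and Firefox. Because the maintainer of ClickToPlugin no longer supports Safari, we removed the recommendation to enable Safari as the default setting.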

Evernote for Mac

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| MACOSNOTE-12400 | Added a prompt before opening any file:// URIs. | Evernote for Mac 6.6 |
| MACOSNOTE-18729 | Improved NSConnection usage with NSProtocolChecker to protect the cross-application IPC channel. | Evernote for Mac 6.3 |

Evernote for Windows

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| WINNOTE-15870 | Fixed a potential stored cross-site scripting (XSS) issue in the Google Drive integration. | Evernote for Windows 6.4 |
| WINNOTE-15637, WINNOTE-8970 | Fixed DLL hijacking/preloading vulnerabilities in the installer and other binaries. | Evernote for Windows 6.3 |
| WINNOTE-14610 | Delete the local data in the original folder when the local folder configuration is changed. | Evernote for Windows 6.1.2 |
| WINNOTE-13340, WINNOTE-13475, WINNOTE-13472 | Fixed several stored XSS (cross-site scripting) issues in the activity view and other web views. | Evernote for Windows 5.9.5 |
| WINNOTE-8997 | Added a warning to users before opening local files. | Evernote for Windows 5.8.11 |
| CE-735 | Fixed a stored XSS (cross-site scripting) issue in Related Context by properly rendering the context note snippet. | Evernote for Windows 5.8.4 |

Evernote for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| IOSNOTE-28074 | Fixed a PIN lock bypass issue. | Evernote for iOS 8.2 |
| IOSNOTE-22342 | Updated the keychain items accessibility attribute in iTunes/iCloud backups. | Evernote for iOS 7.14 |
| IOSNOTE-19688, CP-3280 | Fixed the WebViews that disable the same-origin policy using file:// URLs. | Evernote for iOS 7.7.7 |
| IOSNOTE-19338 | Upgraded vulnerable SDWebImage library to 3.7.2. | Evernote for iOS 7.7.2 |

Evernote for Android

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| DRDNOTE-24142 | Fixed a PIN lock brute-forcing issue. | Evernote for Android 7.9.9 |
| DRDNOTE-23054 | Fixed a potential stored cross-site scripting (XSS) issue in the Google Drive integration. | Evernote for Android 7.9.5 |
| DRDNOTE-20794, DRDNOTE-22660 | Fixed a PIN lock bypass issue. | Evernote for Android 7.9.4 |
| DRDNOTE-20842 | Fixed an issue where some WebViews could ignore SSL certificate errors in debug/internal builds. | Evernote for Android 7.6 |
| DRDNOTE-9500, DRDNOTE-11183 | Move notes stored on the SD card to internal memory. | Evernote for Android 7.0.7 |

Evernote for BlackBerry

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| EFB-1836 | Fixed an issue where the PIN lock could be bypassed. | Evernote for BlackBerry 5.6.2 |

Web Clipper 6 for Chrome

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| CC-3860 | Fixed a potential cross-site scripting (XSS) issue. | Web Clipper 6 for Chrome 6.13.2 |
| CC-2561 | Fixed a potential cross-site scripting (XSS) issue while clipping from a malicious site. | Web Clipper 6 for Chrome 6.9.2 |
| CC-1729 | Fixed a potential HTML injection issue through the extension's login page. | Web Clipper 6 for Chrome 6.7 |
| CC-1693 | Fixed a potential stored cross-site scripting (XSS) issue in related search results. | Web Clipper 6 for Chrome 6.6 |

Web Clipper 6 for Safari

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| CC-3860 | Fixed a potential cross-site scripting (XSS) issue. | Web Clipper 6 for Sa 6.13.2 |
| SAFARICLIP-992 | Fixed a potential stored cross-site scripting (XSS) issue in related search results. | Web Clipper 6 for Safari 6.7 |

Penultimate for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| IOSPENULT-4056 | Updated adonit SDK to fetch all web content through HTTPS. | Penultimate for iPad 6.2 |

Evernote Food for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| IOSFOOD-4320 | Upgraded vulnerable SDWebImage library to 3.7.2. | Evernote Food for iOS 2.5.1 |
| | We have ended support for this product and will not be providing any future security updates. | September 30, 2015 |

Skitch for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Skitch for Android

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Skitch Touch for Windows

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Skitch for Windows

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Evernote Clearly

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Evernote for Pebble

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |