Security Updates

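Evernote's products are the apps that millions of users around the world rely on most to get their important work done. Protecting the privacy and security of your experience is extremely important to us. We proactively test all of our products to ensure they are secure, and we continuously monitor for bugs or issues that could create security vulnerabilities.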

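Below is a list of the security bugs we have recently fixed. We update this page whenever we release security updates for our applications. (Note: this report begins on March 1, 2015 and does not include fixes made before that date.)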

To find out our latest security patch status, check this page or the in-app notifications.

Security Overview Updates

Date Update
April 2017

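April 2017 update to the October 2014 version:

This update reflects the changes to data security that followed the migration of the Evernote service to Google Cloud Platform ("GCP"), including changes to the sections on network security, media disposal and destruction, encryption in transit, resiliency/availability, and physical security.

We updated the "Account Security" section: both free and paid users can now receive two-step verification codes by SMS.

In "Email Security", we added more domains from which we may send you email.

We believe the content of "Customer Account Access" is explained more clearly in our Privacy Policy, so we removed it from the Security Overview.

The update to the "Media Disposal and Destruction" section explains our secure erasure and destruction of all storage media, not just hard drives.

The "Activity Logging" section was updated to explain that we collect event data from customers.

Added an "Encryption at Rest" section explaining how we encrypt data at rest in GCP.

We moved the "Encrypted Text Within a Note" section to the User Data Security Tips page and renamed it "End-to-End Encryption". Some of the text in that section was also clarified.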

Security Tips

Date Update
April 2017

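April 2017 update to the October 2014 version:

We moved the "Encrypted Text Within a Note" section from the Security Overview to this page and renamed it "End-to-End Encryption". Some of the text in that section was also clarified.

The "Phishing" section has been renamed "How to Confirm That an Email Really Was Sent by Evernote", and the list of domains we use to send you email has been updated.

The update to the "Malware Protection" section mainly addresses changes to the current Chrome and Firefox settings. We also removed the recommended program for Safari, because the maintainer of ClickToPlugin has stopped supporting it.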

Evernote for Mac

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| MACOSNOTE-12400 | Added a prompt before opening any file:// URIs. | Evernote for Mac 6.6 |
| MACOSNOTE-18729 | Improved NSConnection usage with NSProtocolChecker to protect the cross-application IPC channel. | Evernote for Mac 6.3 |

Evernote for Windows

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| WINNOTE-15870 | Fixed a potential stored cross-site scripting (XSS) issue in the Google Drive integration. | Evernote for Windows 6.4 |
| WINNOTE-15637, WINNOTE-8970 | Fixed DLL hijacking/preloading vulnerabilities in the installer and other binaries. | Evernote for Windows 6.3 |
| WINNOTE-14610 | Delete the local data in the original folder when the local folder configuration is changed. | Evernote for Windows 6.1.2 |
| WINNOTE-13340, WINNOTE-13475, WINNOTE-13472 | Fixed several stored XSS (cross-site scripting) issues in the activity view and other web views. | Evernote for Windows 5.9.5 |
| WINNOTE-8997 | Added a warning to users before opening local files. | Evernote for Windows 5.8.11 |
| CE-735 | Fixed a stored XSS (cross-site scripting) issue in Related Context by properly rendering the context note snippet. | Evernote for Windows 5.8.4 |

Evernote for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| IOSNOTE-28074 | Fixed a PIN lock bypass issue. | Evernote for iOS 8.2 |
| IOSNOTE-22342 | Updated the keychain items accessibility attribute in iTunes/iCloud backups. | Evernote for iOS 7.14 |
| IOSNOTE-19688, CP-3280 | Fixed the WebViews that disable same-origin policy using file:// URLs. | Evernote for iOS 7.7.7 |
| IOSNOTE-19338 | Upgraded vulnerable SDWebImage library to 3.7.2. | Evernote for iOS 7.7.2 |

Evernote for Android

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| DRDNOTE-24142 | Fixed a PIN lock brute-forcing issue. | Evernote for Android 7.9.9 |
| DRDNOTE-23054 | Fixed a potential stored cross-site scripting (XSS) issue in the Google Drive integration. | Evernote for Android 7.9.5 |
| DRDNOTE-20794, DRDNOTE-22660 | Fixed a PIN lock bypass issue. | Evernote for Android 7.9.4 |
| DRDNOTE-20842 | Fixed an issue where some WebViews could ignore SSL certificate errors in debug/internal builds. | Evernote for Android 7.6 |
| DRDNOTE-9500, DRDNOTE-11183 | Move notes stored on the SD card to internal memory. | Evernote for Android 7.0.7 |

Evernote for BlackBerry

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| EFB-1836 | Fixed an issue where the PIN lock could be bypassed. | Evernote for BlackBerry 5.6.2 |

Web Clipper 6 for Chrome

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| CC-2561 | Fixed a potential cross-site scripting (XSS) issue while clipping from a malicious site. | Web Clipper 6 for Chrome 6.9.2 |
| CC-1729 | Fixed a potential HTML injection issue through the extension's login page. | Web Clipper 6 for Chrome 6.7 |
| CC-1693 | Fixed a potential stored cross-site scripting (XSS) issue in related search results. | Web Clipper 6 for Chrome 6.6 |

Web Clipper 6 for Safari

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| SAFARICLIP-992 | Fixed a potential stored cross-site scripting (XSS) issue in related search results. | Web Clipper 6 for Safari 6.7 |

Penultimate iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| IOSPENULT-4056 | Updated Adonit SDK to fetch all web content through HTTPS. | Penultimate for iPad 6.2 |

Evernote Food for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| IOSFOOD-4320 | Upgraded vulnerable SDWebImage library to 3.7.2. | Evernote Food for iOS 2.5.1 |
| | We have ended support for this product and will not be providing any future security updates. | September 30, 2015 |

Skitch for iOS

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Skitch for Android

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Skitch for Windows Touch

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Skitch for Windows

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Evernote Clearly

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |

Evernote for Pebble

| Ticket Id | Description | Fixed Release |
| --- | --- | --- |
| | We have ended support for this product and will not be providing any future security updates. | January 22, 2016 |