Evernote Web Clipper Safari 13



Evernote makes products that are the go-to apps for millions of people worldwide accomplishing their most important work. It's important to us that your experience be both private and secure. We proactively test our products for security issues and regularly squash bugs that could create vulnerabilities in our apps.

Web Clipper 6 for Chrome 6.13.2: CC-2561: Fixed a potential cross site scripting (XSS) issue while clipping from a malicious site. Web Clipper 6 for Chrome 6.9.2: CC-1729: Fixed a potential HTML injection issue through the extension's login page. Web Clipper 6 for Chrome 6.7: CC-1693. Remember everything important. Continue with Google. Continue with Apple. Get the Evernote Web Clipper Clip web pages as you browse. Keep them all in Evernote, where they’ll sync to all your devices. Evernote Web Clipper is a simple extension for your web browser that lets you capture full-page articles, images, selected text, important emails, and any web page that inspires you. Save everything to Evernote and keep it forever.

Here you'll find a list of the most recent security bugs that we've fixed. We'll update this page anytime we release an app that has a security update. (Note: Reporting began on March 1st, 2015. Fixes released prior to this date do not appear.)

Clipper

To stay up-to-date with security patches, check back here or in our app release notes.

Evernote for Mac

Ticket IdDescriptionFixed Release
MACOSNOTE-28956Added com.apple.quarantine attribute to attachment files to prevent potential one click execution.Evernote for Mac 7.13 GA
MACOSNOTE-28914Fixed a potential dylib hijacking issue.Evernote for Mac 7.12 GA
MACOSNOTE-28840Fixed a regression and added the prompt before opening any file:// URIs.Evernote for Mac 7.10 Beta 1 and 7.9.1 GA
MACOSNOTE-28634Fixed a local file path traversal issue on attachment previewing.Evernote for Mac 7.6
MACOSNOTE-12400Added a prompt before opening any file:// URIs.Evernote for Mac 6.6
MACOSNOTE-18729Improved NSConnection usage with NSProtocolChecker to protect the cross application IPC channel.Evernote for Mac 6.3

Evernote for Windows

Ticket IdDescriptionFixed Release
WINNOTE-20063Fixed a stored cross site scripting (XSS) vulnerability in modified external web links.Evernote for Windows 6.19 GA
WINNOTE-19941Fixed a vulnerability in the protocol handler, specifically Evernote client installed on Windows 10, 7 or 2008 can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. Evernote for Windows 6.18 beta 2 and 6.17.7 GA
WINNOTE-19568, WINNOTE-19620Fixed a stored cross site scripting (XSS) issue in rendering attachment filenames. Evernote for Windows 6.16 beta 1 and 6.16 GA
WINNOTE-19377Improved security by always generating HTTPS URLs to Evernote services. Evernote for Windows 6.15 beta 1 and 6.15 GA
WINNOTE-19299Fixed an issue in versions 6.4 - 6.7 where the app would send authentication tokens over HTTP when contacting certain portions of the Evernote Service. The vulnerability did not affect note content, usernames, or passwords and those continued to be securely encrypted in transit. Evernote for Windows versions 6.7.6 (Hotfix) and 6.8.6 (First GA release)
WINNOTE-15870Fixed a potential stored cross site scripting (XSS) issue on Google Drive integration.Evernote for Windows 6.4
WINNOTE-15637, WINNOTE-8970Fixed DLL hijacking/preloading vulnerabilities on installer and other binaries.Evernote for Windows 6.3
WINNOTE-14610Delete the local data in the original folder when the local folder configuration is changed.Evernote for Windows 6.1.2
WINNOTE-13340, WINNOTE-13475, WINNOTE-13472Fixed several stored XSS (cross-site scripting) issues in activity view and other web views.Evernote for Windows 5.9.5
WINNOTE-8997Added a warning to users before opening local files.Evernote for Windows 5.8.11
CE-735Fixed a stored XSS (cross-site scripting) issue in Related Context by properly rendering the context note snippet.Evernote for Windows 5.8.4

Evernote for iOS

Ticket IdDescriptionFixed Release
IOSNOTE-27747Fixed an issue that saved screenshot might show up prior to PIN lock screen for a short time period.Evernote for iOS 8.16
IOSNOTE-28074Fixed a PIN lock bypass issue.Evernote for iOS 8.2
IOSNOTE-22342Updated the keychain items accessibility attribute in iTunes/iCloud backups.Evernote for iOS 7.14
IOSNOTE-19688, CP-3280Fixed the WebViews that disables same-origin policy using file:// URLs.Evernote for iOS 7.7.7
IOSNOTE-19338Upgraded vulnerable SDWebImage library to 3.7.2.Evernote for iOS 7.7.2

Evernote for Android

Ticket IdDescriptionFixed Release
DRDNOTE-30711Fixed an issue where certain third party content providers were identified by their package names rather than package signatures.Evernote for Android 8.12.2
DRDNOTE-31085Fixed an issue where the Widget4x1SettingsActivity/Widget4x2SettingsActivity activities may be exploited through a malicious Intent.Evernote for Android 8.12.2
DRDNOTE-31086Fixed an issue where the NewPhoneMainActivity activity may be exploited through a malicious Intent.Evernote for Android 8.12.2
DRDNOTE-31087Fixed an issue where the ContractNoUiActivity activity may be exploited through a malicious Intent.Evernote for Android 8.12.2
DRDNOTE-31088Fixed an issue where the URIBrokerActivity activity may be exploited through a malicious Intent.Evernote for Android 8.12.2
DRDNOTE-31089Fixed an issue where the AuthorizeThirdPartyAppActivity activity may be exploited through malicious Intent.Evernote for Android 8.12.2
DRDNOTE-31090Fixed an issue where the ClipActivity activity may be exploited through malicious Intent.Evernote for Android 8.12.2
DRDNOTE-31033Fixed an issue in an exported Activity that might be exploited through malicious Intent.Evernote for Android 8.12
DRDNOTE-30932Fixed a PIN lock bypass issue in Android's Google Search integration.Evernote for Android 8.11
DRDNOTE-30589, DRDNOTE-30753Fixed a PIN lock bypass issue.Evernote for Android 8.9
DRDNOTE-24142Fixed a PIN lock bruteforcing issue.Evernote for Android 7.9.9
DRDNOTE-23054Fixed a potential stored cross site scripting (XSS) issue on Google Drive integration.Evernote for Android 7.9.5
DRDNOTE-20794, DRDNOTE-22660Fixed a PIN lock bypass issue.Evernote for Android 7.9.4
DRDNOTE-20842Fixed an issue that some WebView could ignore SSL certificate errors in debug/internal builds.Evernote for Android 7.6
DRDNOTE-9500, DRDNOTE-11183Move notes stored in SD card to internal memory.Evernote for Android 7.0.7

Evernote for BlackBerry

Ticket IdDescriptionFixed Release
EFB-1836Fixed an issue that PIN lock can be bypassed.Evernote for BlackBerry 5.6.2

Web Clipper 7 for Chrome

Ticket IdDescriptionFixed Release
CLIPPER-2673Fixed several issues by validating events, adding clickjacking protection and etc.Evernote Clipper 7 for Chrome 7.12.2.1
CLIPPER-2582Fixed an issue that could cause browser's same origin policy to be bypassed.Web Clipper 7 for Chrome 7.11.1
CLIPPER-1371Fixed an issue regarding automated notebook suggestions.Web Clipper 7 for Chrome 7.2.1

Web Clipper 6 for Chrome

Ticket IdDescriptionFixed Release
CC-3860Fixed a potential cross site scripting (XSS) issue.Web Clipper 6 for Chrome 6.13.2
CC-2561Fixed a potential cross site scripting (XSS) issue while clipping from a malicious site.Web Clipper 6 for Chrome 6.9.2
CC-1729Fixed a potential HTML injection issue through the extension's login page.Web Clipper 6 for Chrome 6.7
CC-1693Fixed a potential stored cross site scripting (XSS) issue in releated search results.Web Clipper 6 for Chrome 6.6

Web Clipper 6 for Safari

Ticket IdDescriptionFixed Release
CC-3860Fixed a potential cross site scripting (XSS) issue.Web Clipper 6 for Safari 6.13.2
SAFARICLIP-992Fixed a potential stored cross site scripting (XSS) issue in releated search results.Web Clipper 6 for Safari 6.7

Penultimate for iOS

Clipper
Ticket IdDescriptionFixed Release
IOSPENULT-4056Updated adonit SDK to fetch all web content through HTTPS.Penultimate for iPad 6.2

Evernote Web Clipper Ipad

Evernote Food for iOS

Ticket IdDescriptionFixed Release
IOSFOOD-4320Upgraded vulnerable SDWebImage library to 3.7.2.Evernote Food for iOS 2.5.1
We have ended support for this product and will not be providing any future security updates.September 30, 2015

Skitch for iOS

Ticket IdDescriptionFixed Release
We have ended support for this product and will not be providing any future security updates.January 22, 2016

Skitch for Android

Ticket IdDescriptionFixed Release
We have ended support for this product and will not be providing any future security updates.January 22, 2016

Skitch for Windows Touch

Ticket IdDescriptionFixed Release
We have ended support for this product and will not be providing any future security updates.January 22, 2016

Skitch for Windows

Evernote Web Clipper Safari 13 Download

Ticket IdDescriptionFixed Release
We have ended support for this product and will not be providing any future security updates.January 22, 2016

Evernote Clearly

Ticket IdDescriptionFixed Release
We have ended support for this product and will not be providing any future security updates.January 22, 2016

Evernote for Pebble

Ticket IdDescriptionFixed Release
We have ended support for this product and will not be providing any future security updates.January 22, 2016