This serious flaw in the popular Evernote platform is important, and it’s important that you update right away.
Online note sharing company Evernote has patched a hole that allowed attackers to infect notes shared via its service. The vulnerability (CVE-2018-18524) could have allowed an attacker to run programs remotely on a victim’s computer simply by sharing a note with them and persuading them to view it.
This type of flaw could allow a remote actor to execute malicious code on your computer, which means they could leverage Evernote to install malware, ransomware, or other malicious payloads on your PC. In order to fix this issue, please update your Evernote software right away. Also always be vigilant of who is sharing data with you in Evernote.
Just because a flaw is discovered in a piece of software doesn’t mean it’s a bad platform. Every software has bugs, and that’s why there’s a strong community of researches to find and fix them. What matters is the company’s response to the discovery in a bug. In our opinion, Evernote has done an excellent job acknowledging and fixing this critical bug.