Evernote: One Click Code Execution via File

ID H1:822609
Type hackerone
Reporter ajdumanhug
Modified 2020-03-24T22:36:11


This issue was reported to Evernote by @ajdumanhug and fixed in November 2019. This disclosure is a copy of the original, and is for historical purposes only.


The Open with Terminal functional is vulnerable to One Click Code Execution. Tested the vulnerability using the Mac Desktop App version Mac 7.13 and below.

It happens because they don't add com.apple.quarantine meta-attribute for downloaded files to avoid the execution of terminal files.

I already reported this to Evernote, and I just wanted to report it here to ask for disclosure.

Proof of Concept


Supporting Material/References:

https://discussion.evernote.com/topic/121459-evernote-for-mac-713/ https://evernote.com/security/updates#MACOSNOTE-28956 https://www.cvedetails.com/cve/CVE-2019-17051/