Evernote: One Click Code Execution via File

2020-03-18T02:09:03
ID H1:822609
Type hackerone
Reporter ajdumanhug
Modified 2020-03-24T22:36:11

Description

This issue was reported to Evernote by @ajdumanhug and fixed in November 2019. This disclosure is a copy of the original, and is for historical purposes only.

Overview

The Open with Terminal functional is vulnerable to One Click Code Execution. Tested the vulnerability using the Mac Desktop App version Mac 7.13 and below.

It happens because they don't add com.apple.quarantine meta-attribute for downloaded files to avoid the execution of terminal files.

I already reported this to Evernote, and I just wanted to report it here to ask for disclosure.

Proof of Concept

https://www.youtube.com/watch?v=OG2tKlZX5bg&feature=youtu.be

Supporting Material/References:

https://discussion.evernote.com/topic/121459-evernote-for-mac-713/ https://evernote.com/security/updates#MACOSNOTE-28956 https://www.cvedetails.com/cve/CVE-2019-17051/