印象笔记产品安全更新

印象笔记致力于为全球数亿用户提高工作效率。保护用户的数据安全和隐私是我们的职责所在。我们会持续进行产品测试,提高安全性能,修复已知问题。

你可以在此处查看我们最近修复的安全问题。我们会在新版本出现关于安全方面的更新时发布在这里。(请注意:此处将发布 2015年3月1日之后的更新,在此日期之前的问题修复将不再发布。)

实时了解安全补丁最新动向,请到此页查看或参照我们的应用更新说明。

印象笔记 Mac版

问题 ID

描述

已修复版本

MAC-832Fixed a stored cross site scripting (XSS) issue in Markdown.印象笔记 for Mac 8.3.2
MACOSNOTE-12400Added a prompt before opening any file:// URIs.印象笔记 for Mac 6.6
MACOSNOTE-18729Improved NSConnection usage with NSProtocolChecker to protect the cross application IPC channel.印象笔记 for Mac 6.3

印象笔记 Windows 版

问题 ID

描述

已修复版本

WINDOWS-684Fixed a stored cross site scripting (XSS) issue in Markdown.印象笔记 for Windows 6.15.12
WWINNOTE-19568, WINNOTE-19620Fixed a stored cross site scripting (XSS) issue in rendering attachment filenames.印象笔记 for Windows 6.15.6
WINNOTE-19299Fixed an issue in versions 6.4 – 6.7 where the app would send authentication tokens over HTTP when contacting certain portions of the Evernote Service. The vulnerability did not affect note content, usernames, or passwords and those continued to be securely encrypted in transit.印象笔记 for Windows versions 6.7.6 (Hotfix) and 6.8.6 (First GA release)
WINNOTE-15870Fixed a potential stored cross site scripting (XSS) issue on Google Drive integration.印象笔记 for Windows 6.4
WINNOTE-15637, WINNOTE-8970Fixed DLL hijacking/preloading vulnerabilities on installer and other binaries.印象笔记 for Windows 6.3
WINNOTE-14610Delete the local data in the original folder when the local folder configuration is changed.印象笔记 for Windows 6.1.2
WINNOTE-13340, WINNOTE-13475, WINNOTE-13472Fixed several stored XSS (cross-site scripting) issues in activity view and other web views.印象笔记 for Windows 5.9.5
WINNOTE-8997Added a warning to users before openning local files.印象笔记 for Windows 5.8.11
CE-735Fixed a stored XSS (cross-site scripting) issue in Related Context by properly rendering the context note snippet.印象笔记 for Windows 5.8.4

适用于 iOS 的印象笔记

问题 ID

描述

已修复版本

IOSNOTE-28074Fixed a PIN lock bypass issue.印象笔记 for iOS 8.2
IOSNOTE-22342Updated the keychain items accessibility attribute in iTunes/iCloud backups.印象笔记 for iOS 7.14
IOSNOTE-19688, CP-3280Fixed the WebViews that disables same-origin policy using file:// URLs.印象笔记 for iOS 7.7.7
IOSNOTE-19338Upgraded vulnerable SDWebImage library to 3.7.2.印象笔记 for iOS 7.7.2

印象笔记 Android 版

问题 ID

描述

已修复版本

DRDNOTE-24142Fixed a PIN lock bruteforcing issue.印象笔记 for Android 7.9.9
DRDNOTE-23054Fixed a potential stored cross site scripting (XSS) issue on Google Drive integration.印象笔记 for Android 7.9.5
DRDNOTE-20794,DRDNOTE-22660Fixed a PIN lock bypass issue.印象笔记 for Android 7.9.4
DRDNOTE-20842Fixed an issue that some WebView could ignore SSL certificate errors in debug/internal builds.印象笔记 for Android 7.6
DRDNOTE-9500, DRDNOTE-11183Move notes stored in SD card to internal memory.印象笔记 for Android 7.0.7

印象笔记 BlackBerry 版

问题 ID

描述

已修复版本

EFB-1836Fixed an issue that PIN lock can be bypassed.印象笔记 for BlackBerry 5.6.2

剪藏 6 Chrome 版

问题 ID

描述

已修复版本

CC-2561Fixed a potential cross site scripting (XSS) issue while clipping from a malicious site.剪藏 6 for Chrome 6.9.2
CC-1729Fixed a potential HTML injection issue through the extension’s login page.剪藏 6 for Chrome 6.7
CC-1693Fixed a potential stored cross site scripting (XSS) issue in releated search results.剪藏 6 for Chrome 6.6

剪藏 6 Safari 版

问题 ID

描述

已修复版本

SAFARICLIP-992Fixed a potential stored cross site scripting (XSS) issue in releated search results.剪藏 6 for Safari 6.7

印象笔记·墨笔 iOS版

问题 ID

描述

已修复版本

IOSPENULT-4056Updated adonit SDK to fetch all web content through HTTPS.印象笔记·墨笔 for iPad 6.2

印象笔记·食记 iOS 版

问题 ID

描述

已修复版本

IOSFOOD-4320Upgraded vulnerable SDWebImage library to 3.7.2.印象笔记·食记 for iOS 2.5.1
 We have ended support for this product and will not be providing any future security updates.September 30, 2015

印象笔记·圈点 iOS版

问题 ID

描述

已修复版本

 We have ended support for this product and will not be providing any future security updates.January 22, 2016

印象笔记·圈点安卓版

问题 ID

描述

已修复版本

 We have ended support for this product and will not be providing any future security updates.January 22, 2016

印象笔记·圈点 Touch Windows 版

问题 ID

描述

已修复版本

 We have ended support for this product and will not be providing any future security updates.January 22, 2016

印象笔记·圈点 Windows 版

问题 ID

描述

已修复版本

 We have ended support for this product and will not be providing any future security updates.January 22, 2016

印象笔记·悦读

问题 ID

描述

已修复版本

 We have ended support for this product and will not be providing any future security updates.January 22, 2016

印象笔记 Pebble 版

问题 ID

描述

已修复版本

 We have ended support for this product and will not be providing any future security updates.January 22, 2016