
Evernote service not affected by Shellshock bug
Information about the vulnerability in GNU Bash discovered by Stephanie Chazelas was publicly disclosed last week. The bug is officially named CVE-2014-6271 , but is better known as Shellshock. GNU Bash is available on most Linux and OS X systems, and we use this interpreter to manage servers and other Evernote service infrastructure.
Given the seriousness of the bug, we decided to make a separate statement that the vulnerability does not affect the security of our service. Evernote's code and infrastructure were designed to prevent attacks using this vulnerability. As an Evernote user, you do not need to take any action.
We also use some external services to support our users. We are not aware that any of them were affected by this bug, and we continue to check them to make sure of this completely. We will let you know if we find anything.
Given the seriousness of the bug, we decided to make a separate statement that the vulnerability does not affect the security of our service. Evernote's code and infrastructure were designed to prevent attacks using this vulnerability. As an Evernote user, you do not need to take any action.
We also use some external services to support our users. We are not aware that any of them were affected by this bug, and we continue to check them to make sure of this completely. We will let you know if we find anything.