Multiple Vulnerabilities Found in File Lite and File Pro iOS Apps

Bad news this week for any users of the iOS file management apps File Lite and File Pro. Researchers over at Vulnerability Laboratory have published details for three vulnerabilities that they discovered in the latest versions of both apps.

Ranging from low to high risk, two of the vulnerabilities allow for code injection in the user’s browser when they view a file listing, while the most severe vulnerability allows an attacker to upload arbitrary files to a user’s account without any user interaction. While the impact of these vulnerabilities could be quite severe, exploitation requires a victim to be running the app’s Wi-Fi Sharing option.

The Wi-Fi Sharing method for sharing files runs a web server locally on your iPhone. It appears that all of the published vulnerabilities rely on that web server running in order to be exploited. If you already have the app on your phone and don’t want to lose the documents you have in it, you should be fine leaving the app on your phone; just avoid using the Wi-Fi Sharing option. That said, based on the insecurities found by Vulnerability Laboratory, it’s probably not unwise to start using a different app to manage your files.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on about QA & security, and as @noir on Twitter about nothing in particular.
