• Home
  • Apps
  • Apps News
  • ES File Explorer Update Brings HTTP Vulnerability Fix, Other Bug Fixes

ES File Explorer Update Brings HTTP Vulnerability Fix, Other Bug Fixes

Share on Facebook Tweet Snapchat Share Reddit Comment
ES File Explorer Update Brings HTTP Vulnerability Fix, Other Bug Fixes

ES File Explorer was reported to have HTTP vulnerability in LAN

Highlights
  • ES File Explorer has quickly rolled out a fix for the HTTP vulnerability
  • Reported last week, vulnerability allowed easy phone access to hackers
  • ES File Explorer v4.1.9.9 update with the fix is available on Google Play

Just last week, an HTTP vulnerability was reported within ES File Explorer - a popular app used by many to manage phone storage. The vulnerability allegedly gave hackers easy access to phone's files, and all the victim had to do was open the app once to be exposed to it. Developers of ES File Explorer were quick to respond to this newfound bug, and within days of the reported vulnerability, a fix for the same has been issued. The update ES File Explorer v4.1.9.9 version is now available on Google Play, and all users are recommended to download it.

The changelog for the ES File Explorer v4.1.9.9 update states that the HTTP vulnerability in LAN has been fixed, alongside some other known bug fixes as well. The new v4.1.9.9 update also fixes a problem "that the music player part could not create a song list". A spokesperson also confirmed the fixes to Android Police, "The issue of unauthorised copying of files has been fixed by removing the corresponding code. The way a man-in-the-middle attack is avoided by the way the server upgrades."

We recommend all users to update to the latest version of ES File Explorer. The update is available to download for free on the Play Store, and as we mentioned, comes within days of the vulnerability being reported. The company had reportedly issued a fix last week itself, and was waiting for the Google market to pass the review. The developers told Android Police, "We have fixed the http vulnerability issue and released it. Waiting for the Google market to pass the review." And now finally the update with the fix is out for download.

According to security researcher who goes by the pseudonym Eliot Alderson, ES File Explorer used to start an HTTP server on port 59777, which left your phone accessible to anyone on the same local network to exploit it. The attacker can then use that port to inject a JSON payload and list out the files you have and even download them. If you happen to still use the app in in v4.1.9.7.4 and lower, then its best to update immediately, or connect only to highly trusted networks, or look for other alternatives.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: ES File Explorer
Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
The Division 2, Far Cry New Dawn PC Physical Editions Listed for India
WhatsApp Limits Forwards to 5 Chats Globally to Curb Rumours

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com