A Vulnerability in ES File Explorer Exposes All of Your Files to Anyone on the Same Network

For a very long time, ES File Explorer was the de facto file manager on Android. Over time, however, it turned out that its reliability was less good. A recent vulnerability reminds us why there are better choices now.

As indicated by the Android font, there is a new vulnerability in ES that exposes your files to anyone on the same network – just open the app. once. This bug was found by searching for Elliot Alderson, who posted on it on Twitter.

Apparently, ES leaves port 59777 open on your phone after launch, allowing anyone on the same network to access the file structure and beyond. An attacker can use this open port to inject a JSON payloadthen access all your information and download them.

The advantage is that the ES team knows the problem and says it has been resolved, with an upcoming update:

We fixed the vulnerability issue http and published. Until the Google market passes the test.

However, given the turbulent history of the ES, it is an additional opportunity to remind everyone there are better options out there. If you insist on using ES, I would at least suggest avoiding it until the update that fixes this bug is available in the Play Store.

via Android font


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.