Vulnerability Laboratory found bugs on latest builds of File Lite and File Pro. Both apps allow attackers to upload files to another user’s account without their permission. Two others allow code injection in the user s browser while they view a file listing. Both of the vulnerabilities rely on the user browsing files on the device via its WiFi setting, so anyone who uses the apps may want avoid doing that until the company issues another fix. The applications are patched every several months and are available on Apple’s App Store.
Source: https://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-ios-apps/100709/