A vulnerability called ParseDroid affects development tools used by Android app developers and allows attackers to steal files and execute malicious code on vulnerable machines. The vulnerability affects the XML parsing library included with projects such as APKTool, IntelliJ, Eclipse, and Android Studio. Researchers discovered that this library does not disable external entity references when parsing an XML file, a classic XML External Entity vulnerability that attackers can exploit with ease. Attackers can steal files from PCs running vulnerable IDEs running these tools.
Source: https://www.bleepingcomputer.com/news/security/android-app-developers-at-risk-of-attacks-via-parsedroid-vulnerability/