The Electrum Bitcoin wallet app has a vulnerability that existed in the software for almost two years. The vulnerability was introduced back in Electrum version 2.6, released in February 2016. Google security researcher Tavis Ormandy provided more context to why exposing the Electrum wallet’s interface is such a big issue. The best security practice is to password-protect and bind the interface to localhost, meaning only locally installed apps that know a password can interact with the interface. Electrum team is urging all users to update to a new version of their wallet app.
Source: https://www.bleepingcomputer.com/news/security/electrum-bitcoin-wallets-left-exposed-to-hacks-for-two-years/