AirDroid Unauthenticated Arbitrary File Upload Exploit was exposed on 7/6/2015. Attackers in the same network can upload files to your device without authentication in some way. We got down to it immediately and released this new version to fix the exploit.
Please update to AirDroid v3.1.4 (Android app only) to keep your phone safe. Thank Parsa Adib for reporting this exploit.
We suggest you update to the latest version as soon as possible to avoid attack. If it is inconvenient for you to update now, you can avoid attack by using AirDroid with cellular data or trusted private Wi-Fi only.
AirDroid v3.1.4 Changelog:
1. Fixed the exploit that attackers in the same network can upload files to your device without authentication in some way.
2. Fixed a bug that prevents uploading folder with more than 100 files successfully in AirDroid Web.
AirDroid team will keep reducing the vulnerabilities. Please contact us at firstname.lastname@example.org if you find any other vulnerabilities of AirDroid.
Thank all AirDroid users for supporting!