Yesterday someone informed us of a potential security issue with file uploads within WPtouch. After investigating, we determined that the code that allows WordPress administrators to upload files needed to be hardened to not accept certain types of files. We’ve included this fix in version 3.4.7, which was released last night for WPtouch Pro as well as the free version of WPtouch.
This issue only affected WordPress administrators who were already logged in, many of whom typically have access to the file system already. When possible, update to 3.4.7 which includes the updated file upload handling with improved security.