The update process in Xmind 3.4.1 and previous versions allow remote malicious users to execute arbitrary code via a man-in-the-middle attack.
xmind xmind