diff --git a/src/main/java/com/ninjaflip/androidrevenge/core/apktool/apkinfo/manifestextractor/Extract.java b/src/main/java/com/ninjaflip/androidrevenge/core/apktool/apkinfo/manifestextractor/Extract.java
index d718e38..fd63179 100644
--- a/src/main/java/com/ninjaflip/androidrevenge/core/apktool/apkinfo/manifestextractor/Extract.java
+++ b/src/main/java/com/ninjaflip/androidrevenge/core/apktool/apkinfo/manifestextractor/Extract.java
@@ -87,7 +87,7 @@ public void unZip(String apkFile) throws Exception {
 // Create Zip Entry Folder
 File zeFile = extractFolder;
 if (zeFolder != null) {
- zeFile = new File(extractFolder.getPath() + File.separator + zeFolder);
+ zeFile = new File(extractFolder.getPath(), zeFolder);
 if (!zeFile.exists()) zeFile.mkdirs();
 }
@@ -112,7 +112,13 @@ public void unZip(String apkFile) throws Exception {
 int count;
 byte data[] = new byte[BUFFER];
- FileOutputStream fos = new FileOutputStream(zeFile.getPath() + File.separator + zeName);
+ final File zipEntryFile = new File(zeFile.getPath(), zeName);
+
+ if (!zipEntryFile.toPath().normalize().startsWith(zeFile.getPath())) {
+ throw new RuntimeException("Bad zip entry");
+ }
+
+ FileOutputStream fos = new FileOutputStream(zipEntryFile);
 dest = new BufferedOutputStream(fos, BUFFER);
 while ((count = zin.read(data, 0, BUFFER)) != -1) {
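Review bot: The `mkdirs()` call in the first hunk still runs on a path built from `zeFolder` with no containment check, so directories can be created before the new guard in the second hunk is ever reached. `zeFolder` is assigned outside the hunk; if it is derived from the zip entry name, it needs the same validation as `zeName`. I would add, directly after `zeFile` is built and before `mkdirs()`, `if (!zeFile.getCanonicalPath().startsWith(extractFolder.getCanonicalPath() + File.separator)) throw new RuntimeException("Bad zip entry");`. The body of `unZip` starts and ends outside this hunk.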
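Review bot: The new guard in the second hunk compares a normalized path against the un-normalized string `zeFile.getPath()`, and it is anchored at `zeFile` rather than at `extractFolder`. A legitimate entry is therefore rejected whenever the extraction path itself contains `.` or `..` segments, and containment in the extraction root is never tested directly; it only holds as a side effect of that mismatch. Comparing canonical paths against the root states the intent and also resolves symlinks: `final String root = extractFolder.getCanonicalPath() + File.separator;` followed by `if (!zipEntryFile.getCanonicalPath().startsWith(root)) {`. Including `zeName` in the exception message would make a rejected archive easier to triage from logs. The body of `unZip` continues outside the hunk.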