« What to expect from iOS 16.4 | Main | Apple introduces online personal shoppers in the US »
Sunday
Mar192023

Google Pixel vulnerability could let bad actors undo Markup screenshot edits

Image: Simon Aarons

One of the fixes the Android March security patch addressed is a "High" severity vulnerability involving the Pixel's Markup screenshot tool. And while it prevents the issue for future screenshots and photos, images shared in the past might still be at risk. Reverse engineers Simon Aarons and David Buchanan discovered the vulnerability and shared more information online.

The "aCropalypse" flaw allowed someone to take a PNG screenshot cropped in Markup and undo at least some of the edits in the image. So, if you use the tool to redact sensitive information in an image, a bad actor can reveal the information.

Buchanan claims the flaw has existed for around five years. And that's the issue. It's unclear how concerned Pixel users should be about this fall. But Aarons and Buchanan have shared that some sites like Twitter process images in a way that someone couldn't exploit the vulnerability to reverse edit a screenshot or photo. But they specifically pointed out that sites like Discord haven't patched the exploit until its recent January 17 update. We don't know about other social media apps yet.

The March update comes to the Pixel 4a, 5a, 7, and 7 Pro. It's unclear if this patch is coming to other Pixel devices. But if you have a Pixel phone without the patch, you might want to avoid using Markup for this feature for now.

Source

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>