Image: Simon Aarons
One of the fixes the Android March security patch addressed is a "High" severity vulnerability involving the Pixel's Markup screenshot tool. And while it prevents the issue for future screenshots and photos, images shared in the past might still be at risk. Reverse engineers Simon Aarons and David Buchanan discovered the vulnerability and shared more information online.
The "aCropalypse" flaw allowed someone to take a PNG screenshot cropped in Markup and undo at least some of the edits in the image. So, if you use the tool to redact sensitive information in an image, a bad actor can reveal the information.
Buchanan claims the flaw has existed for around five years. And that's the issue. It's unclear how concerned Pixel users should be about this fall. But Aarons and Buchanan have shared that some sites like Twitter process images in a way that someone couldn't exploit the vulnerability to reverse edit a screenshot or photo. But they specifically pointed out that sites like Discord haven't patched the exploit until its recent January 17 update. We don't know about other social media apps yet.
The March update comes to the Pixel 4a, 5a, 7, and 7 Pro. It's unclear if this patch is coming to other Pixel devices. But if you have a Pixel phone without the patch, you might want to avoid using Markup for this feature for now.