When Google started rolling out Android , the company has addressed a critical security vulnerability involving the Pixel’s Markup screenshot tool. during the Weekend, And The reverse engineers who discovered CVE-2023-21036 have shared more information about the vulnerability, revealing that Pixel users are still at risk of having their old photos compromised due to the nature of Google’s oversight.
In short, the “aCropalypse” bug allowed someone to take a screenshot of a PNG cropped in Markup and undo at least some of the edits in the image. It’s easy to imagine scenarios where a bad actor might abuse this ability. For example, if an owner used Pixel Markup to retouch a photo that contained sensitive information about themselves, someone could exploit the flaw to reveal that information. You can find technical details at .
Introducing Acropalips: A critical privacy vulnerability in the Google Pixel’s built-in screenshot editing tool, Markup, allowing partial retrieval of original, unedited image data from a cropped and/or retouched screenshot. Thank you very much @david3141593 to help him all the time! pic.twitter.com/BXNQomnHbr
— Simon Aarons (@ItsSimonTime) March 17, 2023
According to Buchanan, the bug has been around for about five years, coinciding with the release of Markup alongside. Therein lies the problem. While the March security patch will prevent Markup from hacking future photos, some screenshots that Pixel users may have shared in the past are still at risk.
It’s hard to say how concerned Pixel users are about the flaw. According to issuance Aarons and buchanan co with And Some websites, including Twitter, manipulate images in such a way that no one can exploit the vulnerability to reverse-edit a screenshot or image. Users on other platforms are not so lucky. Aarons and Buchanan specifically identify Discord, noting that the chat app didn’t fix the vulnerability until its latest update on January 17th. At the moment, it is not clear if the photos shared on social media and other chat apps were left similarly vulnerable.
Google did not immediately respond to BanglaWebTools’s request for comment and more information. The March security update is currently available on the Pixel 4a, 5a, 7, and 7 Pro, which means Markup can still produce vulnerable images on some Pixel devices. It is not clear when Google will push the patch to other Pixel devices. If you own a Pixel without the patch, avoid using Markup to share sensitive photos.
This article originally appeared on BanglaWebTools at https://www.BanglaWebTools.com/google-pixel-vulnerability-allows-bad-actors-to-undo-markup-screenshot-edits-and-redactions-195322267.html?src= rss
