3

Google Pixel Bug Lets You 'Uncrop' the Last Four Years of Screenshots - Slashdot

 1 year ago
source link: https://it.slashdot.org/story/23/03/20/2034220/google-pixel-bug-lets-you-uncrop-the-last-four-years-of-screenshots
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Google Pixel Bug Lets You 'Uncrop' the Last Four Years of Screenshots

Slashdot is powered by your submissions, so send in your scoop

binspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!

Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area.
×
An anonymous reader quotes a report from Ars Technica: Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years.

The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original -- that's very easy to do with the crop tool -- you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data. While the bug was fixed in the March 2023 security update for Pixel devices, it doesn't solve the problem, notes Ars. "There's still the matter of the last four years of Pixel screenshots that are out there and possibly full of hidden data that people didn't realize they were sharing."

Do you have a GitHub project? Now you can sync your releases automatically with SourceForge and take advantage of both platforms.
Do you have a GitHub project? Now you can automatically sync your releases to SourceForge & take advantage of both platforms. The GitHub Import Tool allows you to quickly & easily import your GitHub project repos, releases, issues, & wiki to SourceForge with a few clicks. Then your future releases will be synced to SourceForge automatically. Your project will reach over 35 million more people per month and you’ll get detailed download statistics.
Sync Now


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK