
Google Pixel vulnerability allows bad actors to undo Markup screenshot edits and redactions

When Google started rolling out Android’s March security patch, the company addressed a “High” severity vulnerability involving the Pixel’s Markup screenshot tool. Over the weekend, Aarons and Buchanan, the reverse engineers who discovered CVE-2023-21036, shared more information about the security flaw, revealing that Pixel users are still at risk of their older images being compromised because of the nature of Google’s oversight.

In short, the “aCropalypse” flaw allowed someone to take a PNG screenshot cropped in Markup and undo at least some of the edits in the image. It’s easy to imagine scenarios where a bad actor could abuse that capability. For instance, if a Pixel owner used Markup to redact an image that included sensitive information about themselves, someone could exploit the flaw to reveal that information. You can find the technical details on .

According to Buchanan, the flaw has existed for about 5 years, coinciding with the release of Markup alongside . And therein lies the problem. While March’s security patch will prevent Markup from compromising future images, some screenshots Pixel users may have shared in the past are still at risk.

It’s hard to say how concerned Pixel users should be about the flaw. According to a forthcoming Aarons and Buchanan shared with and , some websites, including Twitter, process images in such a way that someone couldn’t exploit the vulnerability to reverse edit a screenshot or image. Users on other platforms aren’t so lucky. Aarons and Buchanan specifically identify Discord, noting the chat app didn’t patch out the exploit until its recent January 17th update. At the moment, it’s unclear if images shared on other social media and chat apps were left similarly vulnerable.

Google didn’t immediately respond to Engadget’s request for comment and more information. The March security update is currently available on the Pixel 4a, 5a, 7 and 7 Pro, meaning Markup can still produce vulnerable images on some Pixel devices. It’s unclear when Google will push the patch to other Pixel devices. If you own a Pixel phone without the patch, avoid using Markup to share sensitive images.

This article originally appeared on Engadget at

