A severe vulnerability has been found with the Markup tool on Pixel smartphones that can let hackers un-edit the edited screenshots. While the vulnerability has been patched with the latest March 2023 security patch, it still poses risks for Pixel users.
Identified by security researchers Simon Aarons and David Buchanan, dubbed the “aCropalypse” flaw, marked CVE-2023-21036, let someone undo some of the edits made with the Markup tool on a cropped PNG screenshot.
Even though Google has patched the flaw now, several Pixel users are still at risk of their older screenshots being compromised by bad actors.
So how does it impact users? The security researchers explain an instance where someone can use the vulnerability to affect users. So, let’s suppose someone has used the Markup tool on their Pixel to crop or hide their personal information, such as their name, address, or card number. Despite being hidden from users, a bad actor can exploit the flaw to undo the edits and retract the information the users have been hiding.
As per the researchers, the vulnerability has been there for about five years now, meaning it first appeared with the introduction of the Markup tool, which was released with Android 9 in 2018.
As per the researchers, the vulnerability has been there for about five years now, meaning it first appeared with the introduction of the Markup tool, which was released with Android 9 in 2018. While the issue has been fixed now, and bad actors may not be able to retract edited screenshots from now on, there are many old screenshots, before the March 2023 security patch was released, that Pixel users may have shared online that are still at risk of hackers.
There is no exact idea of how widespread the impact of this bug may be. But, most of the platforms still have not patched out this vulnerability. The chat app, Discord, only recently patched the flaw on January 17, so screenshots shared before could still be at risk. Meanwhile, Twitter is some of the only websites that process images differently, so the vulnerability could not be used to undo the edits on the screenshots.
Identified by security researchers Simon Aarons and David Buchanan, dubbed the “aCropalypse” flaw, marked CVE-2023-21036, let someone undo some of the edits made with the Markup tool on a cropped PNG screenshot.
Even though Google has patched the flaw now, several Pixel users are still at risk of their older screenshots being compromised by bad actors.
So how does it impact users? The security researchers explain an instance where someone can use the vulnerability to affect users. So, let’s suppose someone has used the Markup tool on their Pixel to crop or hide their personal information, such as their name, address, or card number. Despite being hidden from users, a bad actor can exploit the flaw to undo the edits and retract the information the users have been hiding.
As per the researchers, the vulnerability has been there for about five years now, meaning it first appeared with the introduction of the Markup tool, which was released with Android 9 in 2018.
As per the researchers, the vulnerability has been there for about five years now, meaning it first appeared with the introduction of the Markup tool, which was released with Android 9 in 2018. While the issue has been fixed now, and bad actors may not be able to retract edited screenshots from now on, there are many old screenshots, before the March 2023 security patch was released, that Pixel users may have shared online that are still at risk of hackers.
There is no exact idea of how widespread the impact of this bug may be. But, most of the platforms still have not patched out this vulnerability. The chat app, Discord, only recently patched the flaw on January 17, so screenshots shared before could still be at risk. Meanwhile, Twitter is some of the only websites that process images differently, so the vulnerability could not be used to undo the edits on the screenshots.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
