Google Pixel bug reveals the changes you’ve made to screenshots

We could jokingly call it the time machine bug, but it is in fact a serious security (and privacy) flaw in Google Pixel phones. The problem, identified in the Sunnyvale company's phones, makes it possible to undo all the changes made to a screenshot, even one 4 years old, and so see the original version.

The vulnerability, named “Acropalypse”, identified in dedicated databases as CVE-2023-21036 and classified as “high” severity, affects a screenshot editor called Markup that appeared on Google Pixel phones in 2018. The program is meant to let you apply simple edits, or blur or crop part of an image, before sharing it.

It does this correctly, except that the original image can be restored, undoing the crops and blurring, with all that this could entail: for example, bringing to light sensitive data or elements that you did not want to make public.

From a technical point of view, the vulnerability seems to be related to a change to an Android 10 API. Google’s screenshot editor overwrites the original file with the new file but does not truncate it or recompress it, leaving information at the end of the file that allows the original image to be restored.

Whoever discovered the vulnerability has created a web-based tool to demonstrate how the bug works; with it, you can see what happens when you try to “strip” the sent images, revealing the cropped areas or the modifications made.

The problem affects all Pixel models from the 3 to the 7; the patch is available with the March update, but only for the Pixel 4a and later devices; earlier models remain exposed.

The flaw was fixed with the March security patches for the Pixel 4A, Pixel 5A, Pixel 7 and 7 Pro, but it is not clear when (and if) an update will arrive for the other affected devices. What’s more, although the flaw is now gone, all previously taken screenshots are at risk. Given the age of the bug, it is not hard to put the number of screenshots in circulation with recoverable information in the hundreds of millions, perhaps billions.

If you have a Pixel phone, it’s a good idea to download and install updates as soon as possible. If you use a device that is not among those that have received the security update, it is a good idea to switch to a screenshot editing app other than Markup.

A few days ago a different vulnerability was discovered, also very serious, which could compromise users’ confidential information.
