Pierre Bourdon

CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

1+
S Nielsen

@delroth Wow... that's incredible level of bad.

I'm now sitting here wondering if it's really Pixel specific or not... and if other screenshot solutions suffer from a similar problem, or Google did something very silly...

At least it seems like it has been fixed in the 2023 March update.... for future screenshots (presumably)...

1
Pierre Bourdon

@simonlbn "future" indeed, since the 2023 March update isn't available publicly for Pixel 6 / 6 Pro at this point.

Yes, despite the fact that Project Zero dropped 5 remotely exploitable vulns for those devices yesterday.

1+
⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️
Follow

@delroth @simonlbn pixel 4a got the update earlier this week

· · Tusky · 0 · 0 · 2
Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…

v3.5.19-qoto · Privacy policy