Google Pixel devices recently received the March security patch, which brings a number of updates and changes, including the addition of the Magic Eraser tool to all Pixel devices. This was a long-awaited update that Pixel users were very eager to receive. However, it wasn’t all ‘good news’ and ‘bright skies’ with the latest update: a weak point in the Pixel’s software framework might just have been revealed.


Google’s March security patch for Android has revealed a potentially serious vulnerability in the Pixel’s Markup screenshot tool. Reverse engineers Simon Aarons and David Buchanan discovered the “aCropalypse” flaw, which enables someone to take a PNG screenshot cropped in Markup and undo some of the image’s edits. This could be abused by a malicious actor to reveal sensitive information redacted by a Pixel owner using Markup. Buchanan has revealed the flaw has existed since Markup’s launch alongside Android 9 Pie in 2018, with older images at risk due to Google’s oversight.

Although March’s security patch prevents Markup from compromising future images, the patch isn’t available on all Pixel devices, meaning vulnerable images can still be produced. The vulnerability may not affect some social media platforms such as Twitter, as these may process images in a way that makes it difficult to reverse-edit them. However, other chat apps like Discord are still vulnerable, and it’s unclear if other social media and chat apps are similarly affected. Google has yet to respond to requests for comment and further information. Pixel owners are advised to avoid using Markup to share sensitive images until the patch is available on all devices.
