Curious Pixel Vulnerability: Fixed but Still Dangerous

Researchers Simon Aarons e David Buchanan have discovered a rather curious vulnerability on Google Pixels. In detail, they found that anyone who acquires one modified PNG screenshot via Android’s default markup tool, may undo some of the changes made not intended for display. The vulnerability, named “aCropalypse”was reported to Google, which proceeded to remedy it through the March security patches.

Although the company has taken steps to resolve the critical issueimages posted on some platforms cannot be considered safe at all. For example, it would appear that screenshots uploaded to Discord before mid-January 2023 are affected by the issue. In any case, to locate and perhaps remove potentially “recoverable” files, Buchanon created a website in which it will be sufficient to upload the PNG screenshot and check if that image can be affected by the problem.

As for criticality, it would appear that it is born as a result of some changes made in Android 10. In particular, it appears that the original data of the edited images remains saved in the files.

In short, a rather unusual and potentially risky vulnerability. Users, therefore, if they have not already done so, will have to update your device to the latest available security patches and pay close attention to modified screenshots posted in the past.