The Shazam Sequel Sparks and Fizzles at the Box Office

Superhero fatigue seems to be hitting both Marvel and DC hard. Alongside a kind of mid-level audience response to Quantumania (it did good, like it made money, but it wasn’t great), Shazam! Fury of the Gods is likewise underperforming at the box office. While Variety reports that Shazam 2 opened at number 1 this…

These Are The Best Gardening Supplies To Buy From Target

Cute watering cans, stylish pots and more.

Are Audis Reliable? Here's What You Should Know

Are you in the market for a new car and wondering if Audi is the right choice? Here’s what you should know about its reliability and maintenance costs.

9 Power Banks For Steam Deck That Will Keep You Gaming On The Go

The Steam Deck is a great way to play your favorite PC games anywhere, but the battery life can be lacking. That’s where these power banks come in handy.

28 Things So Good At Making Life A Little Easier, You’ll Probably Use Them For Years

Featuring products I and other reviewers have actually used for years, so you know they’re worth it.

What Does NASA Stand For, And Was It Originally Called NACA?

Though many have grown familiar with the NASA acronym for the U.S. aerospace organization, it stems from an older administration that started it all.

The Best Android Widgets For Tracking Habits

Keeping tabs on your new habits can be a challenging task. Fortunately, there are easy ways to stay on top of your habits: Android widgets.

BMW's Beamer Nickname: Where Did It Come From?

You might think a company with a name consisting of three letters would be short enough for fans, but BMWs have long been referred to as “Beamers.” Why?

Anthony Mackie's Super Secret Superhero Script Protocol

A few weeks ago, Anthony Mackie got the passcode to read the upcoming script for Captain America: New World Order. During an appearance on The Kelly Clarkson Show, Mackie describes procedures for reading Marvel scripts, which seem to require about the same security clearance as nuclear code access. “We literally get a…

Google Pixel vulnerability allows bad actors to undo Markup screenshot edits and redactions

When Google began rolling out Android’s March security patch earlier this week, the company addressed a “High” severity vulnerability involving the Pixel’s Markup screenshot tool. Over the weekend, Simon Aarons and David Buchanan, the reverse engineers who discovered CVE-2023-21036, shared more information about the security flaw, revealing Pixel users are still at risk of their older images being compromised due to the nature of Google’s oversight.

In short, the “aCropalypse” flaw allowed someone to take a PNG screenshot cropped in Markup and undo at least some of the edits in the image. It’s easy to imagine scenarios where a bad actor could abuse that capability. For instance, if a Pixel owner used Markup to redact an image that included sensitive information about themselves, someone could exploit the flaw to reveal that information. You can find the technical details on Buchanan’s blog.

According to Buchanan, the flaw has existed for about five years, coinciding with the release of Markup alongside Android 9 Pie in 2018. And therein lies the problem. While March’s security patch will prevent Markup from compromising future images, some screenshots Pixel users may have shared in the past are still at risk.

It’s hard to say how concerned Pixel users should be about the flaw. According to a forthcoming FAQ page Aarons and Buchanan shared with 9to5Google and The Verge, some websites, including Twitter, process images in such a way that someone could not exploit the vulnerability to reverse edit a screenshot or image. Users on other platforms aren’t so lucky. Aarons and Buchanan specifically identify Discord, noting the chat app did not patch out the exploit until its recent January 17th update. At the moment, it’s unclear if images shared on other social media and chat apps were left similarly vulnerable.

Google did not immediately respond to Engadget’s request for comment and more information. The March security update is currently available on the Pixel 4a, 5a, 7 and 7 Pro, meaning Markup can still produce vulnerable images on some Pixel devices. It’s unclear when Google will push the patch to other Pixel devices. If you own a Pixel phone without the patch, avoid using Markup to share sensitive images.

This article originally appeared on Engadget at https://www.engadget.com/google-pixel-vulnerability-allows-bad-actors-to-undo-markup-screenshot-edits-and-redactions-195322267.html?src=rss