CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating it.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

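The post describes a file that is a valid, smaller PNG at the front with leftover bytes from the larger original still sitting after it. A practitioner who wants to know whether their own screenshots carry that kind of tail can check for it directly: walk the PNG chunk list to the IEND chunk and see whether any bytes follow it. The script below is an added example written for this thread; it is not code from the original post, from Google, or from the acropalypse.app demo. The `make_sample_png` helper and the overwrite simulation are constructed test fixtures, and the chunk walk follows the standard PNG layout (8-byte signature, then length / type / data / CRC chunks ending with IEND).

```python
"""Detect and strip data left after a PNG's IEND chunk (added example, not the post's code)."""
import struct
import sys
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: big-endian length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def png_end_offset(blob: bytes) -> int:
    """Return the byte offset just past the IEND chunk by walking the chunk list.

    Raises ValueError if the blob is not a PNG, a chunk is malformed, or IEND is missing.
    """
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            raise ValueError("truncated chunk")
        expected_crc = zlib.crc32(blob[pos + 4:pos + 8 + length]) & 0xFFFFFFFF
        actual_crc = struct.unpack(">I", blob[pos + 8 + length:end])[0]
        if expected_crc != actual_crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def trailing_bytes(blob: bytes) -> int:
    """Number of bytes after IEND; a decoder ignores them, but they may hold stale image data."""
    return len(blob) - png_end_offset(blob)


def strip_trailing(blob: bytes) -> bytes:
    """Return the PNG truncated at IEND, i.e. what a correct editor should have written."""
    return blob[:png_end_offset(blob)]


def make_sample_png(width: int = 1, height: int = 1) -> bytes:
    """Constructed fixture: a minimal 8-bit RGB PNG. Level-0 zlib keeps sizes predictable."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))  # filter byte + pixels
    idat = zlib.compress(raw, 0)
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


# Constructed fixtures simulating the described bug: a smaller edited image is written over
# the start of a larger original without truncating, so the original's tail survives.
CLEAN_PNG = make_sample_png()
ORIGINAL_PNG = make_sample_png(8, 8)
EDITED_PNG = make_sample_png(2, 2)
OVERWRITTEN_FILE = EDITED_PNG + ORIGINAL_PNG[len(EDITED_PNG):]


if __name__ == "__main__":
    # Usage: python check_png_tail.py screenshot1.png screenshot2.png ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            tail = trailing_bytes(data)
        except ValueError as exc:
            print(f"{path}: {exc}")
            continue
        print(f"{path}: {tail} byte(s) after IEND" + (" (stale data present)" if tail else ""))
```

Run it over a folder of screenshots to list which files carry bytes past IEND; `strip_trailing` gives the sanitized copy to share instead. The CRC check matters: a file whose front half was overwritten still has a valid chunk chain up to the new IEND, which is exactly why image viewers never showed anything wrong.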

@delroth
Does this also apply for custom ROMs with a similar feature (the screenshot pops up with a crop button next to it)?
@instereo256 no clue, sorry -- I would ask the security contacts for your distro.

@delroth I tried uploading some crops to the site and it didn't return anything, on PC it says the file is not a PNG. It turns out my crops were saved as a separate JPEG and with a different name (IMG_* instead of Screenshot_*)

I'm using CrDroid, which I just realized is LineageOS based, so that might be it.

@instereo256 note this only happens with Google's markup screenshot editor, not what crDroid ships (I am ALSO using crDroid, if that matters)