CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating it.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

acropalypse screenshot recovery utility

@delroth I wonder if Google patched this for the Pixel 7 since I can't get it to work. Weird stuff.
@mylan it should be part of the March security update which got rolled out to Pixel 7 earlier this week. Still no update for Pixel 6 though...
@delroth ah that explains it. Sorry if this was explained earlier, I tried to read it all. Definitely don't mean to downplay the severity of it, this is kinda wild. I've certainly cropped screenshots because of sensitive info and now here we are. Hopefully those screenshots aren't floating around somewhere anymore 🙄
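
The overwrite-without-truncate behaviour described in the first post, as an added example that is not part of the thread or of any Google code: it saves a smaller PNG over a larger one with and without `O_TRUNC`, then counts the bytes left after the new file's IEND chunk, which is a check you can run on your own shared screenshots. All function names, the `screenshot.png` path and the blank sample images are constructed for illustration.

```python
import os
import struct
import tempfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample: a valid 8-bit grayscale PNG of zero pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(width) for _ in range(height))  # filter byte + row
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def trailing_bytes_after_iend(data: bytes) -> int:
    """Walk the chunk list and return how many bytes follow the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # 12 = length + type + CRC fields
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length
        if ctype == b"IEND" and pos <= len(data):
            return len(data) - pos
    raise ValueError("truncated PNG: no complete IEND chunk")

def save(path: str, data: bytes, truncate: bool) -> None:
    """Write data at offset 0; without O_TRUNC the old tail stays on disk."""
    flags = os.O_WRONLY | os.O_CREAT | (os.O_TRUNC if truncate else 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)

def demo(truncate: bool) -> int:
    """Save a large image, then a smaller 'cropped' one to the same path."""
    original, cropped = make_png(256, 256), make_png(8, 8)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "screenshot.png")
        save(path, original, truncate=True)
        save(path, cropped, truncate=truncate)
        with open(path, "rb") as f:
            return trailing_bytes_after_iend(f.read())
```

A non-zero result from `trailing_bytes_after_iend` on a real screenshot means the file is longer than the image it displays and should be re-encoded before it is shared again.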