CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

@delroth
Does this also apply for custom ROMs with a similar feature (the screenshot pops up with a crop button next to it)?
@instereo256 @delroth It applies to the Markup app, normally only available on Pixel phones. If the custom ROM is sideloading that app, then it's vulnerable too.