CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones were only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

acropalypse screenshot recovery utility

@delroth How can people not notice for 5 years that cropping a tiny bit out of a 1 meg PNG yields a 1 meg PNG? Or is just nobody using Pixel phones?

@deBaer @delroth

Most people aren't checking the file sizes of their phone-based files. Especially since that's not data that is presented to you by default. Unlike, say, if I were to open an explorer window in Windows, go to a file, edit it drastically, and instantly see the file size info change in explorer.