Pierre BourdonMar 18, 2023

CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

acropalypse screenshot recovery utility

Show threadBarney LauranceMar 18, 2023

@delroth The most surprising thing to me is that it apparently took 5 years for anyone willing to publish to go looking for these pixels.

Do we know what code module has the bug and whether it could be used anywhere else that isn't a Pixel phone?

Show threadOndřej Pokorný
@bdsl @delroth The most surprising thing to me is that for 5+ years nobody noticed a cropped Android screenshot takes up exactly the same space as the original.
I guess that's due to the tendency to hide the file system paradigm from users on the two dominant mobile operating systems.
Mar 18, 2023 at 4:21pmWeb