Pierre BourdonMar 18, 2023

CVE-2023-21036 / acropalypse is absolutely bonkers.

Apparently for 5+ years the cropping / editing tools for screenshots on Google Pixel phones was only overwriting the start of the screenshot PNG file, but not truncating.

All screenshots shared for the past 5+ years might have data recoverable from them. Demo available at https://acropalypse.app/

Google still hasn't communicated anything on this.

(h/t ItsSimonTime on Musk's site)

acropalypse screenshot recovery utility

Show threadPierre BourdonMar 18, 2023

I tried it on a screenshot from just a week ago. This is absolutely scary.

First image is the screenshot I saved after cropping. Second is what the demo app managed to recover.

Show threadPierre BourdonMar 18, 2023
Another one showing how a smaller crop can end up revealing even more of the original screenshot image.
Show threadprincess pancake Mar 18, 2023
@delroth You would assume it would be common sense not to do this
Show threadprincess pancake Mar 18, 2023
@delroth But somehow Google went below all of my expectations in this
Show threadLisPiMar 18, 2023
@natty @delroth Yeah, what even is the benefit of doing this? You waste more storage. The user wanted to crop things for a reason.
Show threadFelix
@lispi314 @natty @delroth have a look at the article, it wasn't intentional, it was caused by bad design of an underlying library
Mar 19, 2023 at 1:49pmWeb
Show threadLisPiMar 19, 2023
@jamalix @natty @delroth Yeah, I noticed in another thread (https://mastodon.top/@lispi314/110045458847288051) but never did update this one.
LisPi (@[email protected])

@[email protected] Oh wow, that's even worse than what I thought it was. How did anyone ever think that was a good idea?

Mastodon.top