Google Pixel’s ‘aCropalypse’ hack undoes image alterations in under 150 characters.

Google has patched a security flaw affecting Markup, the Google Pixel’s default screenshot editing utility. The flaw, known as the “aCropalypse,” allows partially edited images to be recovered, potentially revealing personal information that users had attempted to hide. The vulnerability was discovered by reverse engineers Simon Aarons and David Buchanan. Although it is now patched, it still has implications for edited screenshots shared prior to the update.

The flaw exists because Markup saves the edited screenshot to the same file location as the original and never deletes the original version. When the edited version is smaller than the original, the trailing portion of the original file is left behind after the point where the new file has supposedly ended, potentially exposing personal details. The vulnerability could be exploited to reverse some of the edits and obtain information users thought they had hidden.
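The following check is an added example, not code from the article or from Google. It reproduces the overwrite-without-truncation condition on a constructed PNG and counts the stale bytes left after the image's IEND chunk, which is how an affected file can be recognized. The function names are hypothetical, and Python's `"r+b"` file mode is used here as a stand-in for a write that does not truncate.

```python
import os
import struct
import tempfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, body: bytes = b"") -> bytes:
    """Serialize one PNG chunk: length, type, body, CRC over type + body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample: all-black 8-bit grayscale PNG, stored uncompressed."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = (b"\x00" + bytes(width)) * height      # filter byte + pixels per row
    idat = zlib.compress(rows, 0)                 # level 0 keeps sizes predictable
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND")

def trailing_bytes(data: bytes) -> int:
    """Walk the chunk list and return how many bytes follow the first IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length                   # length + type + body + CRC
        if end > len(data):
            break
        if ctype == b"IEND":
            return len(data) - end
        pos = end
    raise ValueError("no complete IEND chunk")

def save_edit(mode: str) -> int:
    """Write a large original, overwrite it with a small edit, count leftovers."""
    original, edited = make_png(64, 64), make_png(8, 8)
    fd, path = tempfile.mkstemp(suffix=".png")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(original)
        with open(path, mode) as f:               # "r+b" keeps old length, "wb" truncates
            f.write(edited)
        with open(path, "rb") as f:
            return trailing_bytes(f.read())
    finally:
        os.remove(path)

if __name__ == "__main__":
    print("no truncation:", save_edit("r+b"), "stale bytes after IEND")
    print("truncating   :", save_edit("wb"), "stale bytes after IEND")
```

Any non-zero result from `trailing_bytes` on a shared screenshot means data from an earlier version of the file may still be present, so the image should be re-exported to a new file before it is shared again.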

Vaibhav Kulkarni
