Security News > 2023 > March > Google Pixel flaw allowed recovery of redacted, cropped images

Google Pixel flaw allowed recovery of redacted, cropped images
2023-03-20 14:54

An 'Acropalypse' flaw in Google Pixel's Markup tool made it possible to partially recover edited or redacted screenshots and images, including those that have been cropped or had their contents masked, for the past five years.

The Markup tool is a built-in image editor that allows you to redact, crop, and change images on an Google Pixel device.

The researchers also published an Acropalypse screenshot recovery utility online to allow Pixel owners to test their own redacted images and see if they are recoverable.

Despite Google fixing the problem in the recent update for the Pixel phones, any images shared in the past five years are vulnerable to the Acropalypse attack, and nothing can be done to remediate this.

It should be noted that Google has released the March 2023 security update for Pixel 4a, 5a, 7, and 7 Pro with a week of delay due to coinciding with the quarterly "Pixel feature drop" and also the discovery of 18 zero-day flaws on Exynos modems used in the Pixel 6 and 7 series.

A similar issue with reversible cropping was recently discovered on Google Docs, enabling people with view-only access to recover original versions of cropped images in shared documents.


News URL

https://www.bleepingcomputer.com/news/security/google-pixel-flaw-allowed-recovery-of-redacted-cropped-images/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995