Acropalypse screenshot error poses a privacy risk on Android and Windows
What happened now? Users editing images on Google Pixel phones or Windows PCs need to be very careful with the tools they use. A new bug has been discovered on Google and Microsoft operating systems, due to which previously cropped images can be restored using a “universal” script that works on both systems.
There is a new security bug in the city that could create privacy issues for users on both Android and Windows platforms. The vulnerability was first discovered by security researcher Simon Aarons in the Google Markup screenshot editing tool available on Pixel smartphones, where it was dubbed “Acropalypse”. Using the error, the script could restore the part of the image left after editing.
As security researcher David Buchanan confirmed, the bug also affects recent releases of Windows. The vulnerability works with image files saved in PNG format, which dictates that the content of the image ends with an “IEND” data fragment; any data added after the IEND part will be ignored by image viewers or editing tools.
Buchanan found that when a screenshot is cropped using the Windows 11 Snipping Tool and then saved over the original image file, a new IEND data block is added to the PNG image, but part of the original screenshot is still present after the IEND data section. .
holy FUCK.
Windows Snipping Tool is also vulnerable to Acropalypse.
Completely unrelated codebase.
The same exploit script works with minor modifications (pixel format is RGBA, not RGB)
Tested myself on Windows 11 https://t.co/5q2vb6jWOn pic.twitter.com/ovJKPr0x5Y
— David Buchanan (@David3141593) March 21, 2023
With just a few “minor tweaks,” Buchanan says, the same Acropalypse script that can restore a cropped image on Android can do the same on Windows. We are only talking about a partial restoration of the original image here, but the error can be a potential privacy or security risk if the original image contains important (or even secret) data.
Acropalypse Vulnerability Affects Google Markup on Android, the Snipping Tool on Windows 11, and the Snip and Sketch Tool on Windows 10. The Exploit Has Proven to Recover Partially Erased Data in “Unoptimized” PNG Images, Buchanan. saideven though the aforementioned Snipping Tool also seems to leave extra data at the end of edited (cropped) JPEG images.
Google has already patched the vulnerability on its Pixel phones, and Microsoft is still investigating the issue. To minimize the risk, Windows users can use third-party applications for their editing and trimming tasks, where the excess data after the IEND block appears to be permanently erased.
