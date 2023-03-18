



In addition to the Samsung Exynos modem issue, Android 13 QPR2 with the March 2023 security update fixes a vulnerability in the Pixel markup screenshot tool.

Dubbed aCropalypse, this vulnerability (CVE-2023-21036) was identified by Simon Aarons in early January and reported to Google.

Screenshots that have been cropped using the Markup app built into Google Pixel devices can, in many situations, be retroactively un-cropped or un-edited.

Released with Android 9 Pie in 2018, the built-in markup utility lets you edit (crop, add text, draw, and highlight) screenshots on your Pixel phone.

Problem

For example (as shared on Twitter), suppose you have a screenshot from a fictitious banking app/website showing a picture of a credit/debit card. You crop out everything except the card, then use the Markup Pen tool to black out the 16-digit number. Then you share that image on a service like Discord.

A vulnerability in Markup allows someone who has downloaded the image to perform a partial restoration of the original, unedited image data of the cropped and/or edited screenshot. In the above case, a malicious person could remove the black lines and see about 80% of the full screenshot, which may contain the credit card number and other sensitive information.

The top 20% of the image is corrupted, but the rest of the image (including the picture of the credit card with the number visible) is fully restored.

This can be a problem if you share screenshots with addresses, phone numbers, or other personal information.

1: Original Screenshot | 2: In Markup | 3: Crop and Draw on Image | 4: Using Demo Tools

Which screenshots are affected?

The privacy impact of this bug comes from people sharing cropped images that unwittingly included extra data. Luckily, most social media services reprocess uploaded images, which strips trailing data and mitigates the vulnerability. For example, Twitter is safe from aCropalypse. Below is an incomplete list of known vulnerable services and apps commonly used to share images (i.e. services that do not remove trailing image data):

Discord (as of January 17th, trailing data is removed from newly uploaded images; however, screenshots submitted before that date are still vulnerable). It is unknown whether Google worked with Discord to make this change or whether it happened by chance.

At this time, we know that screenshots uploaded to Discord before changes to the service in mid-January 2023 are affected.

There is a demo tool that allows you to upload screenshots and see if previously shared images are affected.

Technical explanation

When you crop an image using markup, the edited version is saved in the same location as the original file. However, it does not erase the original file before writing the new file. If the new file is smaller, the trailing portion of the original file is left after the new file should have ended.

A technical article with root cause analysis is available and an FAQ is coming soon.

The markup issue was fixed in the March 2023 security patch, and CVE-2023-21036 is listed as High severity. This Pixel update is available now for Pixel 4a-5a, 7, and 7 Pro.


Thanks, David

