March 29, 2024

Balkan Travellers

Comprehensive up-to-date news coverage, aggregated from sources all over the world

Google Pixel 7 Pro display

A critical vulnerability has been found in the Markup Tool on Pixel phones

Hadley Simmons/Android Authority

TL; DR

  • The vulnerability in Pixel’s Markup utility allows hackers to unretouch and uncrop edited screenshots.
  • Google fixed the issue with the March 2023 security update, but Pixel screenshots shared before that remain vulnerable.

A serious flaw found in the Markup tool on Pixel phones could allow hackers to unretouch and uncrop edited screenshots. identified by the security researcher Simon Aaronsthe flaw is called “Acropalypse” and has been assigned a CVE (Common Vulnerabilities and Exposures) identifier.

Let’s say you share a screenshot of your bank statement with someone and use Pixel’s Markup tool to hide sensitive information like your bank account number or balance, the vulnerability would allow anyone to redact that confidential information, provided you send them an original screenshot file.

Security vulnerability in pixel screenshot encoding

Most of the messaging and social media apps compress and reprocess the shared images and in this case, hacking is not possible. For example, Twitter is free from Acropalypse. However, Discord only started stripping screenshots of these details in January. Any premium Pixel screenshots that were shared on the platform prior to being hacked.

Google released the Markup tool on Android 9 Pixel phones in 2018. It allows you to crop, add text, draw, and highlight screenshots. However, the vulnerability could help bad actors remove this modification and gain access to the screenshot in its original state.