Google’s Pixel phones are usually lauded for their security features, but a newly discovered vulnerability has put users’ privacy at risk. According to reports, a flaw in Pixel’s Markup screenshot tool could allow bad actors to undo edits and redactions made to images.
The flaw, dubbed “aCropalypse,” was discovered by reverse engineers Simon Aarons and David Buchanan and has been around for at least five years, coinciding with the release of Markup alongside Android 9 Pie in 2018.
If exploited, the vulnerability could reveal sensitive information that was previously redacted by a user. For example, if a Pixel owner used Markup to redact an image that included sensitive information about themselves, someone could exploit the flaw to reveal that information.
While the March security patch will prevent Markup from compromising future images, some screenshots Pixel users may have shared in the past are still at risk.
The vulnerability is particularly concerning because it has been around for so long, and Google has yet to release a patch for all Pixel devices.
Currently, the March security update is only available on the Pixel 4a, 5a, 7, and 7 Pro, meaning that Markup can still produce vulnerable images on some Pixel devices. It’s unclear when Google will push the patch to other Pixel devices.
Users on some platforms, such as Twitter, are protected from the vulnerability. However, others like Discord, which did not patch out the exploit until its recent January 17th update, are still at risk.
It’s unclear if images shared on other social media and chat apps were left similarly vulnerable.
Google has not yet commented on the issue, but security experts are advising Pixel users to avoid using Markup to share sensitive images until the patch is released for all devices.
With the increasing amount of personal information stored on mobile devices, vulnerabilities like this one serve as a stark reminder of the importance of strong security measures.