A security flaw in Pixel's screenshot editing utility Markup may allow bad actors to restore cropped or edited images and potentially discover sensitive information.
As spotted by 9to5Google, the vulnerability was discovered by reverse engineers Simon Aarons and David Buchanan and reported to Google in early January. While the flaw has been fixed with the March 2023 update, older photos may still be at risk.
Also Read | TikTok bans: What the evidence says about security and privacy concerns
Dubbed "acropalypse," the flaw allows bad actors to partially recover the original, unedited image data of the cropped photo.
For instance, if you were to send someone a screenshot of your bank card with numbers redacted, another user might be able to un-censor the image and recover your card credentials.
In the example image, the engineers were able to recover 80 percent of the original image, including the credentials. Only the top 20 percent of the image was corrupted.
Also Read | Blizzard working to fix long queue times for Diablo IV beta players
They explained that when an image is cropped using Markup, it saves the edited version of the screenshot at the same file location as the original but does not delete it. This means bad actors can recover the portions of the original image data left behind.
Most social media sites such as Twitter re-process images when they are uploaded, thereby deleting the traces of original data left in the image. However, if you have been on Discord lately, then any images shared on the platform before January 17 may still have this flaw.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
