Pixel vulnerability that hits the Markup screenshot editing tool is potentially dangerous

Tomorrow, Pixel 6 users should be able to install the stable version of QPR2, which includes the March security patch. And while those who installed the QPR3 Beta 1 update (like yours truly) already have the March security patch, the rest of those using the Pixel 6 series will be protected from a nasty vulnerability that allows a bad actor who knows only the phone number to access incoming and outgoing data via a flaw in the Exynos modem chip used in these devices.

Another vulnerability is patched by the March security patch, although merely installing the update won't make all of your problems go away. As per 9to5Google, reverse engineers Simon Aarons and David Buchanan discovered a flaw dubbed "aCropalypse" that affects the Pixel's own screenshot editing tool, known as Markup. The flaw could allow a bad actor to reverse edits made to PNG screenshots in Markup.

Markup was released as part of Android 9 Pie in 2018 and allows users to crop, draw, add text, and highlight screenshots. As an example, let's say you took a screenshot of your credit card from your bank's website. You crop out everything except for the card number, which you then cover up using the black marker tool in Markup. If you share this image on certain platforms, the vulnerability can allow an attacker to see most of the original, unedited screenshot as it was before it was cropped or edited.

In other words, the edits can be reversed and the black lines covering the card's account number will disappear, revealing the information that was hidden. In fact, 80% of the screenshot can be recovered, possibly allowing other personal information such as addresses, phone numbers, and other private data to be viewed.

This occurs because Markup saves the original pre-edited, pre-cropped screenshot in the same file location as the edited screenshot and never deletes the original image. Some platforms, such as Twitter, reprocess uploaded images, which removes the problem. Discord, however, didn't patch its site until January, which means images posted on the platform before January 17th could be vulnerable.

The flaw was designated in the March security patch as CVE-2023-21036. CVE stands for Common Vulnerabilities and Exposures and is used to identify, catalog, and publicize flaws.

There is a website that you can use at acropalypse.app to determine whether a screenshot you previously shared can be exploited. Considering that this vulnerability has been around for as long as five years, you might have some shared screenshots that you edited to hide certain information. The hidden data could be at risk depending on the platform you shared it on, even after you install the March security update on your Pixel phone.
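The leftover original described above shows up in an affected file as extra bytes sitting after the edited PNG's final IEND chunk, because a well-formed PNG ends exactly there. The following script is an added example, not code from the article or from the acropalypse.app site; it walks the PNG chunk list of a file you already have and reports how many bytes trail the IEND chunk, so you can triage your own saved screenshots offline. The sample PNGs it builds are constructed test data.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Build a minimal valid black RGB PNG (constructed test input, stored/uncompressed IDAT)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00" * (3 * width) for _ in range(height))  # filter byte + pixels per row
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(raw, 0))
            + png_chunk(b"IEND", b""))

def trailing_bytes_after_iend(data: bytes) -> int:
    """Return how many bytes follow the IEND chunk, validating each chunk's CRC on the way.

    A clean PNG returns 0. A non-zero result means the file carries data past its
    logical end, which is how the remains of an un-truncated original appear in a
    Markup-edited screenshot. Raises ValueError on a non-PNG or malformed file.
    """
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header before IEND")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 8-byte header + data + 4-byte CRC
        if end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        expected_crc = struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF != expected_crc:
            raise ValueError(f"bad CRC on {ctype!r} chunk")
        pos = end
        if ctype == b"IEND":
            return len(data) - pos

def is_suspect(data: bytes) -> bool:
    """True when bytes follow IEND, i.e. the file deserves a closer look before sharing."""
    return trailing_bytes_after_iend(data) > 0

if __name__ == "__main__":
    clean = make_png(4, 4)
    # Constructed affected file: a small edited PNG written over a larger original
    # without truncation, so the tail of the original survives after the new IEND.
    original = make_png(64, 64)
    affected = clean + original[len(clean):]
    print(is_suspect(clean), is_suspect(affected), trailing_bytes_after_iend(affected))
```

To check a real screenshot, read the file as bytes and pass it to `is_suspect`; the function only inspects structure and never attempts to reconstruct the hidden image.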
