Reverse engineers Simon Aarons and David Buchanan discovered
a security flaw in the Google Pixel’s default screenshot editing tool, ‘Markup’,
which has been found to have first appeared five years ago, when the tool was
first launched. The bug, which has been named “aCropalypse,” has caused screenshot
images to become partially “unedited,” which has also resulted in hidden
personal information being exposed online.
According to Aarons and Buchanan, the flaw was possible because Markup doesn’t delete the original version of a screenshot and saves the edited version in the same file location. Moreover, if the edited screenshot file is smaller than the original, the trailing portion of the original file is left behind, after the point where the new file is supposed to have ended.
What’s concerning is that, since the bug is five years old,
screenshots edited with Markup and shared on social media platforms are
potentially vulnerable.
Aarons and Buchanan informed Google about the bug in January,
which led the company to address the issue in a March security update for the
Pixel 4A, 5A, 7, and 7 Pro devices, with its severity classified as “high.” It isn’t
confirmed if or when the update will come to the other Google Pixel devices
affected by the flaw.