Wednesday, March 22

“Acropalypse” Android screenshot bug turns into a 0-day Windows vulnerability

Windows 10 and 11 have their own version of the Acropalypse screenshot editing bug. (credit: acropalypse.app/Andrew Cunningham)

Earlier this week, programmer and "accidental security researcher" Simon Aarons disclosed a bug in Google's Markup screenshot editing tool for its Pixel phones. Dubbed "acropalypse," the bug allows content you've cropped out of your Android screenshot to be partially recovered, which can be a problem if you've cropped out sensitive information.

Today, Aarons' collaborator, David Buchanan, revealed that a similar bug affects the Snipping Tool app in Windows 11. As detailed by Bleeping Computer, which was able to verify the existence of the bug, PNG files all have an "IEND" data chunk that tells software where the image file ends. A screenshot cropped with Snipping Tool and then saved over the original (the default behavior) adds a new IEND chunk to the PNG image but leaves a bunch of the original screenshot's data after the IEND chunk.

Buchanan says that a version of the acropalypse script "with minor changes" can be used to read and recover that data, partially restoring the part of the image you cropped out of your original screenshot. Buchanan is "holding off on publishing" Windows-compatible versions of those scripts since Microsoft (unlike Google) hasn't had time to patch the vulnerability.
