Andrea Pavone

CVE-2023-21036 Acropalypse

It appears that for over 5 years, the cropping and editing tools for screenshots on Google Pixel phones have only been overwriting the beginning of the screenshot PNG file, without properly truncating it. As a result, any screenshots shared during this time period may have recoverable data within them.

This vulnerability, known as CVE-2023-21036, could be exploited by attackers to recover sensitive data still contained within these screenshots. If you are a Google Pixel user, check whether you have shared any screenshots during the affected time period.

Please refer to the original article by David Buchanan at the following link for more information: https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

It is important to note that similar issues have been identified in other devices and software as well. For instance, a privacy bug was recently discovered in the Windows 11 snipping tool, which also allowed attackers to access cropped image content. This highlights the importance of regularly reviewing and updating your device's software and being aware of potential vulnerabilities.

Thank you for your attention, and have a great day.