
"We are aware of these reports and are investigating. We will take action as needed to help keep customers protected." – Jeff Jones, Sr Director, Microsoft

I opened a 198 byte PNG with Microsoft's Snipping Tool, chose "Save As" to overwrite a different PNG file (no editing), and saved a 4,762 byte file with all that extra after the PNG IEND chunk.

I've got a fun one for you all to look at.

Blume's tweet was instrumental in Buchanan's discovery of the vulnerability in Snipping Tool. Chris Blume, who chairs the working group for the PNG image format that Snipping Tool uses, drew attention to the issue by tweeting that Snipping Tool may not truncate files accurately when overwriting existing images.

Huge thanks to for his help throughout!

Following the announcement of the "acropalypse" vulnerability, there has been an increased interest in examining other screenshotting tools.

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.


The images created using the tool might still exist, and the portions that were intended to be cropped out may remain unaltered, leading to privacy concerns. Recently, Buchanan and fellow researcher Simon Aarons had warned about the "acropalypse" vulnerability affecting Pixels, emphasizing that even if this issue gets fixed, the problem does not go away entirely.
