Google fixed a “High” severity bug affecting the Markup snapshot feature on the Pixel earlier this week when it started distributing Android’s March security patch. Reverse engineers Simon Aarons and David Buchanan revealed new details about the security weakness over the weekend, showing Pixel customers are still at risk of having their earlier photographs exposed due to the nature of Google’s supervision.
In essence, the “aCropalypse” bug allowed someone to erase at least some of the alterations made to a picture using a PNG snapshot that had been cropped in Markup. It’s simple to envision situations in which a terrible person would take advantage of such capacity. Someone may use the weakness to divulge personal information, for example, if a Pixel owner used Markup to redact an image that contained sensitive information about themselves. The technical information is available on Buchanan’s blog.