Screenshots edited in Pixels' markup tool could be un-edited with aCropalypse exploit

6pack

ex-Mod
Researchers Simon Aarons and David Buchanan have gone public with an exploit they are dubbing "aCropalypse" which, in essence, allows anyone to take a PNG screenshot cropped in Android's default markup tool and undo at least some of the edits to produce portions of the image that were not intended for viewing. While the exploit was reported to Google and is patched in the March security update for Pixels (see CVE-2023-21036), redacted images sent on certain platforms — including, but not limited to, Discord prior to mid-January — through the last several years could be at risk of being exposed.

Source: https://www.androidpolice.com/android-pixel-markup-exploit-discord-acropalypse/

Test your cropped PNG images here.

My Pixel 6a looks like it is affected. Saw some garbage pixels in the output.
 