科技回声

9 条评论

hewtronic大约 2 年前

For a hint at how the bug works, see this <a href="https://issuetracker.google.com/issues/180526528" rel="nofollow">https://issuetracker.google.com/issues/180526528</a> (more details coming soon™)From <a href="https://twitter.com/David3141593/status/1636979466860744704" rel="nofollow">https://twitter.com/David3141593/status/1636979466860744704</a>Also: you [can] do a basic check with tools like exiftool - it will report "Warning: [minor] Trailer data after PNG IEND chunk" on vulnerable images.From: <a href="https://twitter.com/David3141593/status/1636981307891671041" rel="nofollow">https://twitter.com/David3141593/status/1636981307891671041</a>

评论 #35208667 未加载

e4e5大约 2 年前

Nice write-up here: <a href="https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html" rel="nofollow">https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse...</a>

ZiiS大约 2 年前

The fact this wasnt triaged as a security bug is unforgivable <a href="https://issuetracker.google.com/issues/180526528" rel="nofollow">https://issuetracker.google.com/issues/180526528</a>

评论 #35209229 未加载

jsjohnst大约 2 年前

These types of issues are exactly why whenever it’s sensitive, I screenshot, crop/edit, then screenshot the crop’d/edited screenshot. There’s other possible issues than this bug (like iOS’s non-destructive edits by default), so it’s better to be safe than sorry.

评论 #35214926 未加载

评论 #35225035 未加载

dividuum大约 2 年前

Wait. Wouldn’t that mean that cropped images have the same file size as the uncropped version? Nobody noticed that in all those years?

评论 #35211465 未加载

PenguinRevolver大约 2 年前

A demo is available here: <a href="https://acropalypse.app/" rel="nofollow">https://acropalypse.app/</a>

评论 #35209027 未加载

tyingq大约 2 年前

I don't see any sort of background at all on how it's working. There's metadata in the image that helps reconstruct the original? Or something about how Discord does the attachment, or?Ah, one commenter offered this:"It looks like when the edits make the PNG smaller it saves the original number of bytes, overflowing its own buffer and leaving a bunch of unintended IDAT chunks to find :). Did you talk to Google about this before taking to twitter though?"<a href="https://twitter.com/Bottersnike237/status/1636892723012665344" rel="nofollow">https://twitter.com/Bottersnike237/status/163689272301266534...</a>

评论 #35208288 未加载

zoklet-enjoyer大约 2 年前

I can crop screenshots with a Google screenshot app??? I always use Snapseed

tgsovlerkhgsel大约 2 年前

Little detail on how this works. I initially thought it's based on thumbnails, but the high quality of the recovered image and the damage at the beginning makes me think it's something else.

评论 #35217959 未加载

评论 #35208203 未加载

9 条评论

hewtronic大约 2 年前

评论 #35208667 未加载

e4e5大约 2 年前

Nice write-up here: <a href="https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html" rel="nofollow">https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse...</a>

ZiiS大约 2 年前

The fact this wasnt triaged as a security bug is unforgivable <a href="https://issuetracker.google.com/issues/180526528" rel="nofollow">https://issuetracker.google.com/issues/180526528</a>

评论 #35209229 未加载

jsjohnst大约 2 年前

评论 #35214926 未加载

评论 #35225035 未加载

dividuum大约 2 年前

Wait. Wouldn’t that mean that cropped images have the same file size as the uncropped version? Nobody noticed that in all those years?

评论 #35211465 未加载

PenguinRevolver大约 2 年前

A demo is available here: <a href="https://acropalypse.app/" rel="nofollow">https://acropalypse.app/</a>

评论 #35209027 未加载

tyingq大约 2 年前

评论 #35208288 未加载

zoklet-enjoyer大约 2 年前

I can crop screenshots with a Google screenshot app??? I always use Snapseed

tgsovlerkhgsel大约 2 年前

Little detail on how this works. I initially thought it's based on thumbnails, but the high quality of the recovered image and the damage at the beginning makes me think it's something else.

评论 #35217959 未加载

评论 #35208203 未加载

Acropalypse: a vulnerability in Google's screenshot editing tool

9 条评论

Acropalypse: a vulnerability in Google's screenshot editing tool

9 条评论