Windows 11 also vulnerable to “aCropalypse” image data leakage – Naked Security

A bug was recently discovered in Google Pixel phones, now patched, with potentially serious consequences. The bug finders, understandably excited and concerned, decided to give it a fitting name: aCropalypse. The “Crop” part of the name comes from the activity that is most likely to trigger the bug: cropping photos or screenshots to remove sensitive or unwanted parts before sharing them.

The bug causes a new, smaller image file to be written over the start of the old one, but the file size remains the same, and the now-redundant and unwanted data at the end of the original file stays where it is. If the recipient opened the file with a more inquisitive software tool, such as a hex editor or a modified image editor, anything from a few bytes to a vast amount of the original image would still be there, past the official end-of-image marker.

The bug also applies on Windows 11, where the Snipping Tool, like the Google Pixel Markup app, will let you crop an image without correctly cropping the file it’s saved into. To protect yourself from this bug, always save cropped files created with the Snipping Tool under a new filename. If you’re a programmer, review everywhere you create “new” files by overwriting old ones to make sure the original files are truncated when they are rewritten.

Key points:
• A bug was recently discovered in Google Pixel phones, now patched, with potentially serious consequences.
• The bug was named aCropalypse after the activity that is most likely to trigger it: cropping photos or screenshots to remove sensitive or unwanted parts before sharing them.
• This bug causes a new, smaller image file to be written over the start of the old one, but the file size remains the same and the now-redundant and unwanted data at the end of the original file stays where it is.
• The bug also applies on Windows 11, where the Snipping Tool, like the Google Pixel Markup app, will let you crop an image without correctly cropping the file it’s saved into.
• To protect yourself from this bug, always save cropped files created with the Snipping Tool under a new filename. If you’re a programmer, review everywhere you create “new” files by overwriting old ones to make sure the original files are truncated when they are rewritten.