This Google Pixel flaw could let hackers undo all your photo cropping


A vulnerability has been discovered affecting Google Pixel users with a vulnerability that could have exposed users’ most sensitive information and may continue to do so in certain cases.
Though Google issued a fix to CVE-2023-21036 in its March update (opens in new tab), the high-risk vulnerability has been allowing hackers to undo many edits made to images on Pixel devices.
It specifically relates to the Markup feature, which allows users to edit photos such as to eliminate sensitive information from images like bank cards, either by cropping certain aspects or applying visual layers over elements.
Pixel Markup vulnerability
According to reverse engineers Simon Aarons (opens in new tab) and David Buchanan (opens in new tab), who discovered the issue, with an edited – and seemingly secure – image, a malicious actor could in some cases reverse such edits to expose sensitive information in a vulnerability that’s being dubbed ‘acropalypse.’
While many of us prefer sharing images via channels that prefer some or all of their metadata, such as Discord, this has proven less secure, exposing the vulnerability. It’s worth mentioning that Discord fixed the issue in mid-January 2023. By contrast, platforms like Twitter process images in a different way in turn leaving edits un-reversible.
The flaw stems from Android 9 Pie which coincides with the Pixel 3 family, meaning that 4, 5, 6, and latest 7 model families are also said to have been affected.
Given the age of some devices, only the Pixel 4a and newer currently receive security updates (opens in new tab) leaving some earlier models including the 4 and everything before it without official support, thus still vulnerable.
Furthermore, edited screenshots sent before updates were rolled out remain vulnerable and as such, should be removed where possible.
TechRadar Pro has asked Google to confirm whether there are still any devices that continue to expose the vulnerability, and if so, whether they will be patched.
A vulnerability has been discovered affecting Google Pixel users with a vulnerability that could have exposed users’ most sensitive information and may continue to do so in certain cases. Though Google issued a fix to CVE-2023-21036 in its March update (opens in new tab), the high-risk vulnerability has been allowing…
Recent Posts
- Alienware’s 27-inch 280Hz QD-OLED monitor is now available for $550
- The 100+ best Prime Day deals under $100
- My favorite medical comedy-drama Scrubs is getting resuscitated on Hulu, but I hope it doesn’t undergo major surgery as part of its revival
- The best Prime Day deals on Verge-favorite 4K Blu-rays
- Kodak’s retro Super 8 camcorder is outrageously expensively, but I’ve found this super-cheap digital alternative
Archives
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022