I tried it on a screenshot from just a week ago. This is absolutely scary.
First image is the screenshot I saved after cropping. Second is what the demo app managed to recover.
@marnanel it's all client side, nothing gets uploaded. At least in its current version I was using.

@delroth@mastodon.delroth.net You would assume it would be common sense not to do this.

@delroth I've noticed something that might be related. This may explain how they can have the "save vs save as" option when making small changes like a crop or "enhance" photo edits. If you pick save, it doesn't make a new file but must save the image adjustment data in a similar manner. I'm sure digging into a larger data sample size could turn up some more info.

@Crazypedia that's the Google Photos crop tool which I'm pretty sure is different from the screenshot crop tool (and not vulnerable).

PoC author @retr0id published his writeup about how the bug was found, I strongly encourage you to give it a read and a follow: https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

@delroth If iOS has a similar bug, I am screwed, lol. But I’ve always thought something like this *might* be possible, so maybe it’s fine.

@frankie 👆 I guess we’ve gotta make sure our screenshots are JPEGs… https://mastodon.delroth.net/@delroth/110043776803548821

@delroth Yeah, without being a zlib expert, I think the smaller the crop the more likely the original is recoverable.
Another one showing how a smaller crop can end up revealing even more of the original screenshot image.