Dhruv Bhutani / Android Authority
đ Good morning! Itâs the start of a new week, and a fresh new Daily Authority, rounding up the dayâs tech headlines. Paula here, covering for Andy, and Iâll be with you tomorrow too, before I finish my replay of Heavy Rain. It looks good on the PS5 and holds up pretty well for a 13-year-old game! Letâs kick off todayâs newsletter with a couple of security-related storiesâŚ
Severe security flaw found in the Markup tool on Pixel phones
Security researcher Simon Aarons discovered a security flaw in the markup tool on Pixels.
- The flaw, dubbed âAcropalypseâ lets hackers un-redact and uncrop edited screenshots.
- This could be dangerous as it could potentially allow anyone to un-redact sensitive information youâve hidden using the markup tool â e.g. if you sent a bank statement screenshot but hid your account number.
- The markup tool, released in 2018 with Android 9, lets you âmarkupâ screenshots by cropping, highlighting, drawing, or adding text.
Whatâs the good news?
- Firstly, if you shared screenshots on social media or most messaging apps, youâre safe. Most of these apps compress and re-process any shared images, so the hack isnât possible.
- However, any screenshots shared on Discord prior to January could be affected, as the social media app only began stripping screenshots of these details in that month.
- Googleâs March 2023 security update fixes the issue, but any screenshots you shared prior to updating your Pixel could still be at risk.
- You can use Aaronsâ technical demo to find out if your edited screenshots can be unredacted.
Exynos chip vulnerabilities update: Is your device affected?
Eric Zeman / Android Authority
Galaxy S22 Ultra vs Pixel 6 Pro
Last week, we warned about active vulnerabilities in Samsungâs Exynos modems that could give hackers access to your device.
- Googleâs Project Zero security research team posted a blog highlighting these vulnerabilities and four of the 18 identified were severe and could allow hackers to access your phone with just your phone number.
- Samsung Semiconductorâs updated advisories removed the Exynos W920 (which we included in our original list of affected devices) as an affected chipset, and replaced the Galaxy A21 with the A21S.
- Affected devices included the Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series, the Pixel 6 and Pixel 7 series, Vivo S16, S15, S6, X70, X60 and X30 series, and any vehicles using the Exynos Auto T5123 chipset.
- Google patched the issues in its March security update for Pixel 7 series devices.
- The Pixel 6, Pixel 6 Pro, and Pixel 6a are still to receive the update though, putting them at risk.
- Weâre still waiting on Samsung and other vendors to resolve these issues.
- Meanwhile, if youâre the owner of one of these devices, Google recommends turning off Wi-Fi calling and Voice-over-LTE (VoLTE) on your phone.
- You should also keep an eye out for any upcoming security updates and grab them as soon as possible.
Monday Meme
Never really thought about it, but itâs trueâŚ
Have a great Monday!
Paula Beaton, Copy Editor.