https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21036

Pixel Update Bulletin—March 2023

CVE: CVE-2023-21036
References: A-264261868
Type: ID(Information disclosure)
Severity: High
Subcomponent: Markup

技術情報

• https://twitter.com/ItsSimonTime/status/1636857478263750656
• Exploiting aCropalypse: Recovering Truncated PNGs

直接原因

Undocumented behavior change in Android 10: mode "w" no longer truncates

There's an undocumented (as far as I can tell) behavior change in Android 10 when using mode "w" with ParcelFileDescriptor.parseMode.

Android 9 and below
Using mode "w" and writing to a file that already exists truncates the file, completely overwriting it.

Android 10 and above
Using mode "w" and writing to a file that already exists no longer truncates the file being overwritten. This can result in a corrupt file if the new file is smaller than the old file.

技術デモ

• https://acropalypse.app/
  • https://github.com/simontime/acropalypse-tool
• https://gist.github.com/DavidBuchanan314/93de9d07f7fab494bcdf17c2bd6cef02
• https://github.com/infobyte/CVE-2023-21036

紹介記事

• Severe exploit could expose sensitive data on Pixel screenshots previously cropped
• Google Pixelのスクショ編集機能に脆弱性　3月更新で修正済みだがPNG画像の個人情報漏えいの恐れ - ITmedia Mobile
• Google Pixelのスクショ編集で消した部分が復元される脆弱性「aCropalypse」、塗り潰しや切り取り範囲外を復活
• Google Pixelのスクリーンショット編集機能に脆弱性、個人情報の漏えいにつながる危険も

https://twitter.com/David3141593/status/1638222624084951040

https://pc.watch.impress.co.jp/docs/news/yajiuma/1487526.html

https://twitter.com/sjmurdoch/status/1638623990817103888