Daily Authority: 🔐 Pixel's 'Acropalypse' security flaw

😎 Good morning! It’s the start of a new week, and a fresh new Daily Authority, rounding up the day’s tech headlines. Paula here, covering for Andy, and I’ll be with you tomorrow too, before I finish my replay of Heavy Rain. It looks good on the PS5 and holds up pretty well for a 13-year-old game! Let’s kick off today’s newsletter with a couple of security-related stories…

Severe security flaw found in the Markup tool on Pixel phones

Security researcher Simon Aarons discovered a security flaw in the markup tool on Pixels.

• The flaw, dubbed “Acropalypse” lets hackers un-redact and uncrop edited screenshots.
• This could be dangerous as it could potentially allow anyone to un-redact sensitive information you’ve hidden using the markup tool — e.g. if you sent a bank statement screenshot but hid your account number.
• The markup tool, released in 2018 with Android 9, lets you “markup” screenshots by cropping, highlighting, drawing, or adding text.

What’s the good news?

• Firstly, if you shared screenshots on social media or most messaging apps, you’re safe. Most of these apps compress and re-process any shared images, so the hack isn’t possible.
• However, any screenshots shared on Discord prior to January could be affected, as the social media app only began stripping screenshots of these details in that month.
• Google’s March 2023 security update fixes the issue, but any screenshots you shared prior to updating your Pixel could still be at risk.
• You can use Aarons’ technical demo to find out if your edited screenshots can be unredacted.

Exynos chip vulnerabilities update: Is your device affected?

Last week, we warned about active vulnerabilities in Samsung’s Exynos modems that could give hackers access to your device.

• Google’s Project Zero security research team posted a blog highlighting these vulnerabilities and four of the 18 identified were severe and could allow hackers to access your phone with just your phone number.
• Samsung Semiconductor’s updated advisories removed the Exynos W920 (which we included in our original list of affected devices) as an affected chipset, and replaced the Galaxy A21 with the A21S.
• Affected devices included the Samsung S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 series, the Pixel 6 and Pixel 7 series, Vivo S16, S15, S6, X70, X60 and X30 series, and any vehicles using the Exynos Auto T5123 chipset.
• Google patched the issues in its March security update for Pixel 7 series devices.
• The Pixel 6, Pixel 6 Pro, and Pixel 6a are still to receive the update though, putting them at risk.
• We’re still waiting on Samsung and other vendors to resolve these issues.
• Meanwhile, if you’re the owner of one of these devices, Google recommends turning off Wi-Fi calling and Voice-over-LTE (VoLTE) on your phone.
• You should also keep an eye out for any upcoming security updates and grab them as soon as possible.

Roundup

📱 Samsung Galaxy S23 FE: Everything we know so far and what we want to see, from features and specs to a possible release date (Android Authority).

👀 Leaked Samsung Galaxy A24 promo reveals almost everything about the phone, could have a pretty impressive display for the price (Android Authority).

⌚ Also: Samsung Galaxy Watch 6 battery sizes revealed in new listing (Android Authority).

🎮Waiting for the Meta Quest 3? Here’s everything we know so far and what we want to see (Android Authority).

🔐 New Zealand is the latest country to ban TikTok from government devices, citing security concerns (Engadget).

❓ We benchmarked the Snapdragon 7 Plus Gen 2 to see if it’s a rival to 2022’s flagship silicon (Android Authority).

🍎 Six months on, does the Apple iPhone 14 Pro still hold up? Check out our review revisit to find out (Android Authority).

😢 In case you missed Friday’s sad news: Lance Reddick, ‘The Wire’ and ‘John Wick’ star, dies at 60 (Variety).

📺 Speaking of, Mashable‘s John Wick: Chapter 4 review is in, and it may be the best John Wick movie yet (Mashable).

😲 Diablo 4’s pre-order beta beset by connectivity issues and long queues (Rock Paper Shotgun).

🍄 Finally: The Last of Us’ famous ending was almost changed for the show (Spoiler alert if you haven’t watched the finale yet!) (Kotaku).

Monday Meme

Never really thought about it, but it’s true…

Have a great Monday!

Paula Beaton, Copy Editor.