Comment by Retr0id
3 years ago
Since you read the article beforehand, you know that this comment is entirely orthogonal to the vulnerability in question.
3 years ago
Since you read the article beforehand, you know that this comment is entirely orthogonal to the vulnerability in question.
I think it’s okay to talk about the core issue that leads to that. From the linked tweet it looks like there’s edit data stored in the image, allowing the original to be recovered?
Do you have a specific concern to warrant your comment?
It's not the core issue, and it's misleading to suggest that it is. I suggest reading the aptly named "Root Cause Analysis" section of the linked article.
I’m trying to follow the article. So it’s not the image format specifically that is holding on to the blacked out pixels, it’s the compression method that the image format uses, or more specifically, how Google’s code is handling that work?
Is this possibly a helpful feature or is it really just a terrible hack/bug that has no practical use holding on to a sort of edit history inside a PNG?
I would love a way to track some level of history in a commonly supported image format (but of course being aware of needing to strip it when appropriate)
6 replies →