The recent “acropalypse” vulnerabilities in Android and Windows 11 showed yet again the dangers of relying on image processing tools to redact images [1][2]. While many image formats are still fundamentally “pixel” based, many have gone beyond simple “array of pixel” formats. Added compression, metadata, and other optimization features can make it difficult to remove information from images. This is not a new issue and has been a problem many times [3].
Article Link: https://isc.sans.edu/diary/rss/29666