TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Credit card info of 1.8 million people stolen from sports gear sites
CISA urges VMware admins to patch critical flaw in Workspace ONE UEM
All Log4j, logback bugs we know so far and why you MUST ditch 2.15
Save 50% on access to 2,400 hours of IT training from ITU Online
Upgraded to log4j 2.16? Surprise, there’s a 2.17 fixing DoS
The Week in Ransomware – December 17th 2021 – Enter Log4j
TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Take a good look at the image below and the device you are on.
Now view it again on an Apple device. Conversely, if you are using an Apple device, view this page on an Android or Windows device.
If you are using an Apple device and viewing this page on Safari, chances are the image appears quite differently from what you’d see on, for example, Chrome or an imaging app on Windows.
Reverse engineer and cryptographer David Buchanan might have left us all puzzled with his latest creation:
The PNG above reads ‘HELLO WORLD’ for most users—except those who see ‘HELLO APPLE,’ that is, in Apple-made software.
But, believe us, it is the same image a.png, interpreted differently by Apple and non-Apple applications.
In tests by BleepingComputer, on macOS Big Sur 11.6, the latest version of Chrome web browser (96.0.4664.110 (x86_64)) rendered the text in the image as ‘HELLO WORLD’. But, viewing this page on Safari, or the image alone in Mac’s ‘Preview’ app shows ‘HELLO APPLE.’
In another test by BleepingComputer on an iPhone, however, both Chrome web browser for iOS and Safari showed ‘HELLO APPLE,’ not ‘HELLO WORLD.’
Here’s one more to leave you startled a tad further—do you see an IBM or a Mac below? Once again, view this page with an Apple and non-Apple device:
On his website, Buchanan concisely explains the reason and the concept of ‘parallel-decodable PNGs’ that cause ambiguity among software applications.
Depending on an image renderer’s implementation, the same PNG may be interpreted quite differently.
“I found this while writing my own multi-threaded PNG decoder. While pondering my design, I realised that I had an exploitable implementation bug,” writes the engineer.
“After learning that Apple has their own implementation of parallel-decodable PNGs, I realised that they’d made exactly the same mistake!”
Buchanan discovered that it was possible to craft a PNG file where:
“This could happen if a ends midway through a non-compressed block. It is therefore possible for an image to have two possible interpretations, depending on whether a parallel or non-parallel decoder decodes it,” further explains Buchanan.
“This can be mitigated by the decoder, by checking that there is no unprocessed data in each piece of the zlib stream. My implementation does not currently do this!”
To demonstrate the peak of possibilities that could be achieved with this ‘mistake,’ Buchanan shared proof-of-concept (PoC) code:
The 84-line PoC demonstrates how some image rendering libraries can be tricked into showing the alternate version of an image—the one with the ‘SECRET MESSAGE.’
In fact, the reverse engineer has released a handy tool called ‘Ambiguous PNG Packer‘ on GitHub that lets just about anyone create PNG images that look completely different in Apple software.
In March this year, Buchanan had also demonstrated how Twitter images could be abused to hide 3-MB-large ZIP and MP3 files within.
Now had the end result of this parallel-decoding business been merely an erroneous or corrupted image that wouldn’t render correctly, it would be easier to classify this as a ‘bug.’
But, we wonder, could this become a security risk in some contexts or an attack vector for malicious actors to abuse? The same file seen differently by two entities is bound to cause trouble.
macOS Monterey update causes some Macs to become unbootable
Google, Apple fined by Italian authority for aggressive data collection
Get 12 popular Mac apps for $18 with this limited edition bundle
Researchers show that Apple’s CSAM scanning can be fooled easily
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
I don’t immediately see any security ramifications with this without a chain downstream from the divergence. But I do see people being able to use this to show nasty images or messages only visible to Apple users as a throw back to the browser wars. Netscape advocates would sometimes intentionally sabotage webpages if someone visited their site with IE.
I use both ‘everything else’ and Apple products. Are there any real world instances where a PNG renders accidentally corrupted on Apple products but otherwise looks fine everywhere else? I’ve not personally seen such a case. The possibility does raise questions about using PNGs in the future for my own work, especially since Apple is sometimes glacial slow to fix bugs in their software.
Chrome on iOS uses Safari’s rendering engine—Apple forces all iOS web browsers to use it, so in reality Chrome is just Safari with Google’s UI and service integrations (sync, etc). That’s why the PNG looks the same in both on an iPhone.
Actually shows
“The requested content cannot be loaded.
please try again later.”
on my macbook using Safari.

This sounds more like an instance where a broken file could show differently, depending on how you try to display it.

My macbook sees it as broken. Yours tries harder to figure it out and display “something”..
“Actually shows
“The requested content cannot be loaded.
please try again later.”
on my macbook using Safari.
This sounds more like an instance where a broken file could show differently, depending on how you try to display it.
My macbook sees it as broken. Yours tries harder to figure it out and display “something”.. “

Safari v15.2 on a M1 MBP Monterey v12.1 shows it exactly how the article says it does. Firefox on the same MBP shows it the way the rest of the world sees it. I don’t use Safari for other reasons, but here’s another minor one to add to the list of reasons for me not using it.
Not a member yet? Register Now
Lenovo laptops vulnerable to bug allowing admin privileges
Conti ransomware uses Log4j bug to hack VMware vCenter servers
To receive periodic updates and news from BleepingComputer, please use the form below.
Malwarebytes for Mac
Malwarebytes Anti-Malware
Farbar Recovery Scan Tool
Windows Repair (All In One)
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Stealthy WIRTE hackers target governments in the Middle East

Panasonic discloses data breach after network hackIKEA email systems hit by ongoing…

Microsoft announces new endpoint security solution for SMBs

FBI: Ransomware targets companies during mergers and acquisitionsMicrosoft Defender for Windows is…

Cox discloses data breach after hacker impersonates support agent

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…

Researchers release 'vaccine' for critical Log4Shell vulnerability

New zero-day exploit for Log4j Java library is an enterprise nightmareALPHV BlackCat…