Look closely at the image below. View it once on an Apple device (such as an iPhone or iPad), and once on an Android or Windows device. If you use Apple gadgets and open this image in Safari, you will most likely see a completely different image from the one shown by Google Chrome on Android or by a photo viewer in Windows.
This image was created by software engineer David Buchanan, who surprised everyone with his creation. Most users will see the phrase "HELLO WORLD" when they look at the PNG file above, but those who view it on Apple gadgets see the phrase "HELLO APPLE" instead, which is very strange. But believe me, this is a single, ordinary image file that simply renders very differently on Android devices and on Apple gadgets.
In an experiment conducted by the BleepingComputer website on a Mac running macOS Big Sur 11.6, the latest version of the Google Chrome browser (96.0.4664.10, x86_64) showed the phrase "HELLO WORLD" in the image, but when you open the same image in the Safari browser, you will see the phrase "HELLO APPLE".
However, in another experiment by BleepingComputer using an iPhone, both the Google Chrome and Safari browsers showed "HELLO APPLE", not "HELLO WORLD".
Here is another image that will surprise you even more. Which word do you see: IBM or Mac? Once again, view this image on both Apple and Android gadgets:
What is the reason for this?
Buchanan briefly explains the reason and the concept on his personal website: "parallel-decodable PNGs" cause ambiguity between software programs. Depending on the program used to display it, a PNG file may look completely different. "I found this while writing my own multi-threaded PNG decoder," Buchanan writes. "As I thought about my design image, I realized that there was something that could be used in the execution of this design. After I found out that Apple has its own implementation method in parallel-decodable PNGs, I realized that they made exactly the same mistake!"
Buchanan shared proof-of-concept (PoC) code. The 84-line PoC shows how some image display programs can be fooled into showing an alternative version of an image that contains "confidential information". In fact, Buchanan has released a handy tool called "Ambiguous PNG Packer" on GitHub that lets anyone create PNG images that look completely different in Apple software.
In March this year, Buchanan also showed how Twitter images can be exploited to hide large 3 MB ZIP and MP3 files inside them. It would be easier to classify the current issue as a simple bug if the end result of this parallel decoding were just a wrong or corrupted image that was not displayed correctly. However, we do not know whether this issue can become a security risk or be abused by malicious actors in some areas. But it seems that a single file that looks different on two different devices will certainly cause problems.
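For teams that accept user-supplied images, the following added example (not code from Buchanan or BleepingComputer) walks a PNG's chunk list, reports the Apple-specific `iDOT` chunk, and rebuilds the file without it. Assumptions not stated in the article: `iDOT` is the ancillary chunk carrying Apple's parallel-decoding hint, and dropping it is assumed to leave only the ordinary sequential decode path; the function names and the sample file are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumption (not stated in the article): iDOT is the Apple-specific
# ancillary chunk that carries the parallel-decoding hint.
SUSPECT = {b"iDOT"}

def make_chunk(ctype, payload):
    """Serialize one PNG chunk: length, type, payload, CRC-32 of type+payload."""
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload)))

def iter_chunks(data):
    """Yield (type, payload, crc_ok) for every chunk up to and including IEND."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos = 8
    while pos < len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype, end = data[pos + 4:pos + 8], pos + 12 + length
        if end > len(data):  # also catches a truncated chunk header
            raise ValueError("truncated chunk")
        payload = data[pos + 8:end - 4]
        crc = int.from_bytes(data[end - 4:end], "big")
        yield ctype, payload, crc == zlib.crc32(ctype + payload)
        if ctype == b"IEND":
            return
        pos = end

def audit_png(data):
    """Return findings: suspect chunks and chunks whose CRC does not verify."""
    findings = []
    for ctype, payload, crc_ok in iter_chunks(data):
        if ctype in SUSPECT:
            findings.append(f"{ctype.decode()} chunk present ({len(payload)} bytes)")
        if not crc_ok:
            findings.append(f"bad CRC in {ctype.decode('latin-1')} chunk")
    return findings

def strip_suspect(data):
    """Rebuild the file without suspect chunks; others are re-emitted with fresh CRCs."""
    kept = [make_chunk(t, p) for t, p, _ in iter_chunks(data) if t not in SUSPECT]
    return PNG_SIG + b"".join(kept)

# Constructed sample: 1x1 grayscale PNG with a dummy 28-byte iDOT payload.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
SAMPLE = PNG_SIG + make_chunk(b"IHDR", IHDR) + make_chunk(b"iDOT", b"\x00" * 28) \
    + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b"")
```

An upload pipeline that fully re-encodes images gets the same effect as `strip_suspect`; the audit function is useful for flagging files before they are normalized.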
Source: BleepingComputer