Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/davidbuchanan314/ambiguous-png-packer

Craft PNG files that appear completely different in Apple software [NOW PATCHED]
https://github.com/davidbuchanan314/ambiguous-png-packer

apple exploit idot png png-encoder

Last synced: 21 days ago
JSON representation

Craft PNG files that appear completely different in Apple software [NOW PATCHED]

Host: GitHub
URL: https://github.com/davidbuchanan314/ambiguous-png-packer
Owner: DavidBuchanan314
License: mit
Created: 2021-12-16T16:31:57.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2022-03-07T12:53:36.000Z (over 2 years ago)
Last Synced: 2024-10-21T11:59:23.939Z (30 days ago)
Topics: apple, exploit, idot, png, png-encoder
Language: Python
Homepage:
Size: 99.6 KB
Stars: 1,065
Watchers: 9
Forks: 35
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Ambiguous PNG Packer

Craft PNG files that appear completely different in Apple software

For context: https://www.da.vidbuchanan.co.uk/widgets/pngdiff/

# UPDATE: Apple seems to have patched this now, I'm not sure in which version exactly

## Sample output:

![sample image](/samples/mac_vs_ibm_output.png)

If you're viewing this via Apple software (e.g. Safari) you should see an image of a mac, and on other non-Apple software, you should see an IBM PC. (Note: If you're in Safari and still seeing the IBM PC, hit refresh a few times...)

As a bonus, here's a race condition I found in desktop macOS Safari:

![race condition](/samples/race_condition.png)

You should see a slightly different image on each page refresh!

Here's a "live" version, which self-refreshes on each frame: https://www.da.vidbuchanan.co.uk/widgets/pngdiff/race.html