Microsoft has fixed a bug in Windows Snipping Tool that makes it save the original image even if you edited it

There is a rather serious vulnerability in the Snipping Tool in Windows 11 that allows data removed from captures to be partially or completely restored. A similar issue called "aCropalypse" is present in the screenshot tool on Google Pixel smartphones.

The Snipping Tool simply adds the modifications you have made to the end of the original image. This leaves the original image untouched, with the modified one written to the same file after the initial data.

This issue is widely known as the "aCropalypse" vulnerability. Attackers can use such PNGs to recover the sensitive information you cropped or blurred. It was first discovered in Google's Pixel firmware. It is surprising to see it in the Snipping Tool, as the two programs should not share any code.

The issue becomes serious if you take a screenshot of a page that contains a bank card number, postal address, or other sensitive information. When you crop or blur the image, you probably assume the removed data is permanently deleted. However, this does not actually happen, making it possible to restore the original image. Sharing such images will leak your personal data and can even lead to the theft of funds from your bank card.

It is easy to test if your Snipping Tool is affected by the bug.

  1. Capture a screenshot, and save it to a file.
  2. Make a note of the size of the saved file.
  3. Heavily crop the image and then save it (Ctrl + S).
  4. See the size of the file. If it grew instead of becoming smaller, your Snipping Tool is affected by the bug.

Microsoft is aware of the issue and has issued an update. Snipping Tool 11.2302.20.0 fixed the bug. Currently, it is only available to Insiders. After installing this update, you shouldn't be able to reproduce the scenario any longer.

Via @David3141593, bleepingcomputer


Author: Sergey Tkachenko
