
Microsoft fixes reversible screenshot vulnerability on Windows

Microsoft has pushed an update to fix a screenshot editing vulnerability in Windows 10 and 11, as spotted earlier by BleepingComputer. The security flaw, dubbed “aCropalypse,” could allow bad actors to recover the edited-out portions of screenshots, potentially revealing personal information that had been cropped or concealed.

According to Microsoft, the issue (CVE-2023-28303) affects both the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. However, it only applies to images created through a very specific set of steps: screenshots that were taken, saved, modified, and then saved over the original file, and images that were opened in the Snipping Tool, edited, and then saved to the same location. It does not affect screenshots that are edited before they are saved, nor screenshots that have been copied and pasted, for example, into the body of an email or document.

Microsoft first learned of the issue earlier this week. That’s when Chris Blume, chair of the PNG image format working group, brought it to the attention of David Buchanan and Simon Aarons, the same security researchers who discovered the aCropalypse vulnerability affecting the Google Pixel’s Markup tool. Likewise, the flaw allows hackers to undo edits made to screenshots, revealing personal information in an image that someone thought they had hidden, whether by cropping it or scribbling over it.

You can download the latest updates for affected apps on Windows by going to the Microsoft Store, clicking Library, then choosing Get updates. If automatic updates are enabled, the Snipping Tool should be at version 10.2008.3001.0, while the Snip & Sketch Tool will be at version 11.2302.20.0. Much like the patch released by Google, Microsoft’s change will not fix edited screenshots that had already been posted online, which could potentially leave thousands of screenshots on the web that bad actors can exploit.

Written by Personal News
