Microsoft has released an update to fix a security flaw, known as the “aCropalypse” vulnerability, in its Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. The flaw could allow bad actors to recover edited portions of screenshots, potentially revealing personal information that had been cropped out or concealed. However, the vulnerability only affects images created through a specific set of steps: taking a screenshot, saving it, editing it, and then saving over the original file, or opening a screenshot in the Snipping Tool, editing it, and then saving it to the same location.
This vulnerability does not affect screenshots modified before saving them, nor screenshots that have been copied and pasted into an email or document. Security researchers Simon Aarons and David Buchanan were made aware of the issue by Chris Blume, chair of the PNG image format working group. The researchers also discovered the aCropalypse vulnerability in the Google Pixel’s Markup tool, which allows hackers to reverse changes made to screenshots, revealing hidden personal information.
Users can download the latest updates for the affected apps on Windows by opening the Microsoft Store, clicking on Library and then choosing Get Updates. If automatic updates are enabled, the Snipping Tool should already be at version 10.2008.3001.0, while the Snip & Sketch tool will be at version 11.2302.20.0. The update does not fix edited screenshots that have already been posted online, leaving potentially thousands of screenshots on the web that bad actors can exploit.