A recent discovery involving Google’s Pixel phones has raised concerns about the security of sharing edited screenshots. This issue, known as “aCropalypse,” occurs when sensitive information is unintentionally revealed through screenshots even after the user has edited or blurred it out. As it turns out, Google isn’t the only one facing this problem – Microsoft’s Windows 11 Snipping Tool has been found to have a similar vulnerability, putting users’ private information at risk when they take screenshots. Here are the details…

Windows 11 Snipping Tool vulnerability can reveal sensitive information in screenshots

The aCropalypse vulnerability allows threat actors to undo edits made on a screenshot, revealing sensitive information that the user intended to crop out or blur. When editing a screenshot, users often save the edited image with the same name as the original file, inadvertently overwriting it. However, the Windows 11 Snipping Tool does not delete the original information from the file: data from the original image is left at the end of the file, after the edited image, where it is invisible to the average user. With some technical know-how, an attacker can retrieve the hidden information from the file and gain access to the edited-out content.


Twitter user Chris Blume reported the vulnerability in the Windows 11 Snipping Tool, sparking further investigation. David Buchanan, who initially uncovered the aCropalypse vulnerability in Pixel phones, has since confirmed that the Windows 11 Snipping Tool works in a similar way, although it uses a different color model. The file size of edited screenshots can also provide clues about the vulnerability, as these images are often larger due to the inclusion of information from the original image.

This vulnerability poses a serious threat, as users frequently crop out or blur sensitive information in images before sharing them. For instance, a user might share a screenshot of an order confirmation page from Amazon, removing their address before posting. However, this vulnerability could allow an attacker to retrieve the cropped-out information, including addresses, credit card numbers, and other sensitive data.

With the vulnerability now public knowledge, it is expected that a fix will be issued soon. However, existing edited screenshots will still be affected, so users should reevaluate any images that might contain sensitive information. Attackers are likely searching for potential victims, so it’s crucial to stay vigilant and protect personal data.

The Windows 11 Snipping Tool’s vulnerability highlights the importance of being cautious when sharing edited images. As technology continues to advance, so too do the methods employed by cybercriminals. Users must remain vigilant and ensure that sensitive information is not inadvertently exposed through edited screenshots or other digital means. It is vital to stay informed about potential vulnerabilities in commonly used tools and adopt best practices for safeguarding personal information.
