Microsoft has pushed an update to fix a screenshot editing vulnerability in Windows 10 and 11, as spotted by Bleeping Computer. The security flaw, dubbed “aCropalypse,” could allow bad actors to recover the parts of screenshots that were edited out, potentially revealing personal information that had been cropped or hidden.
According to Microsoft, the issue (CVE-2023-28303) affects both the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. However, it only applies to images created through a very specific set of steps. That includes screenshots that have been taken, saved, edited, and then saved over the original file, as well as those that were opened in the Snipping Tool, edited, and then saved to the same location. It does not affect screenshots that were modified before being saved, nor screenshots that have been copied and pasted into, for example, the body of an email or document.
Microsoft first learned of the issue earlier this week. That’s when Chris Blume, chair of the working group for the PNG image format, brought it to the attention of David Buchanan and Simon Aarons, the same security researchers who discovered the aCropalypse vulnerability affecting the Google Pixel Markup tool. That flaw similarly allows hackers to revert changes made to screenshots, revealing personal information in an image that someone thought they had hidden by either cropping or writing over it.
You can download the latest updates for affected apps in Windows by going to the Microsoft Store, clicking Library, and then choosing Get updates. If you have automatic updates enabled, note that the Snipping Tool should be on version 10.2008.3001.0, while the Snip & Sketch tool will be on version 11.2302.20.0. However, like the patch that Google issued, Microsoft’s change will not update edited screenshots that have already been posted online, potentially leaving thousands of screenshots on the web for bad actors to exploit.