Microsoft has released a security update for a vulnerability that could expose content cropped out of shared, edited screenshots. Known as “aCropalypse,” the vulnerability was initially detected on Pixel devices and addressed by Google in its March security update. In Windows 11’s Snipping Tool, the issue was related to the app’s failure to overwrite cropped PNG data. The vulnerability could have had dire consequences for users of Windows 10 and 11 screenshot editing apps. Microsoft acted swiftly to address the security flaw after it was reported by Chris Blume, a retired software engineer.
The vulnerability did not impact all PNG files, but it posed a severe threat as attackers could potentially recover edited images that had been cropped to hide sensitive information. Microsoft’s patches are similar to Google’s March Android update in that they do not provide protection for images that were created before the updates were installed.
Bleeping Computer reports that Microsoft moved quickly to test and deploy updates for the affected apps. On Friday, the company began rolling out public updates for Windows 11’s Snipping Tool and Windows 10’s Snip & Sketch app. Users can easily download the updates manually by accessing the Microsoft Store and clicking on “Library,” followed by “Get Updates.” Microsoft is urging all users to install the updates as soon as possible to ensure their devices are protected.
The vulnerability in the Windows 11 Snipping Tool was related to a specific issue where the app failed to overwrite cropped PNG data. This flaw could have allowed attackers to recover sensitive information hidden in edited screenshots. In response, Microsoft acted swiftly to develop and release security updates for the affected Windows 11 and Windows 10 screenshot editing apps.
While the vulnerability did not affect all PNG files, it still presented a significant risk to users’ privacy and security. Attackers could potentially recover sensitive information from edited screenshots that were cropped to hide personal data. Therefore, it is critical that all users of the affected apps install the security updates as soon as possible to safeguard their devices. Users can easily access the updates by navigating to the Microsoft Store and clicking on “Library” followed by “Get Updates.”