Windows 11 Snipping Tool has a serious privacy flaw that can expose information cropped out of screenshots
Microsoft's Snipping Tool utility has been found to have a vulnerability that allows cropped screenshots to be very easily uncropped, potentially exposing sensitive information.
The Snipping Tool is one of the most useful tools to be found in Windows 11, making it easy to take a variety of screenshots -- and, more recently, record screen activity -- without the need for third-party software. But the way in which the app crops images means that edited images are really just the original screengrab; 'cropped' parts are simply hidden and easily restored.
If this sounds familiar, it is because a similar flaw was recently found to affect Google's range of Pixel phones -- a vulnerability dubbed aCropalypse. The issue with the Windows 11 Snipping Tool also affects the Snip & Sketch utility in Windows 10 (although not the Windows 10 version of the Snipping Tool).
The problem was discovered by software engineers Chris Blume and David Buchanan, who shared their findings on Twitter.
As Blume explains, the issue stems from the Snipping Tool's failure to truncate the file when saving the screenshot.
What is particularly worrying about the flaw is that no special tools are needed to retrieve the cropped-out data.
As reported by Bleeping Computer, the vulnerability is easily replicated and has been confirmed by multiple sources including infosec expert Will Dormann.
Microsoft is yet to acknowledge the issue and there is currently no fix available. In the meantime, the advice is to use an alternative image editor to crop screengrabs to ensure that no unwanted data is retained.