Microsoft has pushed an update to correct a vulnerability in screenshot editing in Windows 10/11, as reported earlier by Bleeping Computer. Bad actors could potentially recover edited screenshots and reveal personal information that was hidden or cropped. This security flaw is known as “aCropalypse”.
Microsoft states that the issue, CVE-2023-28303, affects both Snip & Sketch on Windows 10 and the Snipping Tool on Windows 11. It applies only to images that were created using a specific set of steps: images that were taken, saved, edited and saved over the original file, and images that were opened in Snipping Tool, edited and saved to the same place. It does not affect the saved screenshots. It also does not impact screenshots that were copied to an email body or document.
Microsoft first learned of the problem earlier in the week. Chris Blume (chair of the working group on the PNG image format) brought the issue to the attention of David Buchanan and Simon Aarons, the security researchers who also discovered the aCropalypse vulnerability affecting Google Pixel’s Markup Tool. As with that vulnerability, hackers can reverse any changes to screenshots. This allows them to reveal personal information that was hidden in images by cropping it out or writing over it.
The most recent updates for the affected apps can be downloaded from the Microsoft Store. To do this, click Library and then choose Get Updates. The Snipping tool should be at version 10.2008.3001.0 if automatic updates are enabled. Snip & Sketch will be at version 11.2302.20.0 if you do not have automatic updates enabled. Microsoft’s update won’t apply to modified screenshots that have already been posted online. This is similar to the Google patch. However, this could leave thousands of potentially exploitable screenshots.
The security flaw allows hackers to not only recover modified screenshots, but also to undo any changes to the image. This could reveal personal information that the user intended to delete. This could also include edited or cropped portions of the image thought to be hidden.
Users can access the Microsoft Store by clicking on “Library”, followed by “Get Updates” to obtain the most recent updates for affected applications.
Microsoft previously announced a Windows 11 update with exciting new features. The taskbar’s search function will now include AI-powered Bing. Additionally, the Phone Link app will make connecting to your Windows 11 PC easier for iPhone users. Windows 11’s widgets and taskbar are being upgraded with new features. Even classic apps such as Notepad will see a significant boost thanks to support for multiple tabs.