Microsoft is testing an updated Windows 11 Snipping Tool that fixes a recently disclosed “Acropalypse” privacy flaw that allows cropped images to be partially restored.

As first spotted by Windows enthusiast Xeno, Microsoft yesterday released Windows 11 Snipping Tool version 11.2302.20.0 to Windows Insiders in the Canary Channel through the Microsoft Store.

With this release, BleepingComputer can confirm that Microsoft has fixed the bug in which cropped image data was not removed when saving changes to the original file on Windows 11. However, the bug remains in Windows 10.

The Acropalypse privacy flaw

Last week, a new security vulnerability named “Acropalypse” was disclosed for Google Pixel devices that allows deleted content from cropped images to be partially restored.

This flaw is considered a privacy risk because it is common to remove sensitive information from a photo by cropping it. This can include a wide variety of information, such as confidential information from a document, location credentials, faces in a nude photo, or sensitive URLs in a browser screenshot.

The vulnerability was revealed by security researchers David Buchanan and Simon Aarons, who reported the bug in the Google Pixel Markup tool to Google, which later patched it as part of the Google Pixel March security updates.

Shortly after, it was discovered that the bug also affected the Windows Snipping Tool, allowing cropped screenshots to be partially recovered.

The bug has different causes in the Windows Snipping Tool and the Google Pixel Markup tool. However, the end result is the same: when you crop a photo using these image editors and overwrite the original file with the changes, the cropped data is not removed from the file.

Instead, the cropped image will be the same size as the original, now containing two blocks of IEND data, the first being the proper end of the new cropped image and the second being the end of the cropped data that should have been truncated when the image was saved.

Below is an example of a PNG file affected by the Acropalypse bug allowing the recovery of cropped data. Notice how the image has two blocks of IEND data in the file when the file format specifies that there should be only one IEND marker in a PNG file to indicate the end of the image.

PNG file affected by the Acropalypse flaw
Source: BleepingComputer

In the new Windows 11 Snipping Tool version 11.2302.20.0, when cropping data and overwriting the original file, the software now properly truncates unused data, leaving only a single block of IEND data in the file.

Cropped and original images now having different sizes
Source: BleepingComputer

This effectively fixes the issue in the Windows 11 Snipping Tool and should be in the production version within the next few weeks.

However, the problem also affects Windows 10’s snipping tool (Snip and Sketch), and there is no update available, even for Insiders, that fixes the bug.

BleepingComputer has contacted Microsoft to find out if the Windows 10 app will also be fixed and will update this post if we receive a response.
