Windows 11 Snipping Tool privacy bug exposes cropped image content
2023-03-21 21:32

A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image.

Last week, security researchers David Buchanan and Simon Aarons discovered that a bug in Google Pixel's Markup Tool caused the original image data to be retained even if it was edited or cropped out.

When a file is opened in the Windows 11 Snipping Tool and an existing file is overwritten, the tool does not truncate the unused data but leaves it behind, allowing it to be partially recovered.

While the cropped image now contains far less data than the original one, the file sizes for the original image file and cropped image file are the same.

When the Windows 11 Snipping Tool was used to overwrite the original image with the cropped version, the program did not correctly truncate the unused data, which remains after the IEND data chunk.

Finally, the Windows 11 Snipping Tool also behaves the same way with JPG files, leaving data untruncated if overwritten.


News URL

https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/