ACropalypse: Microsoft releases fixes for Windows screenshot bugs


Patches now fix security vulnerabilities in Windows 10 and 11. These vulnerabilities potentially allowed hackers to reveal the unedited content of cropped and publicly shared screenshots.

The vulnerability, named aCropalypse – a play on the words “crop” and “apocalypse” – was caused by Windows 11’s Crop Tools and Windows 10’s Snip and Sketch app not properly removing cropped image data when overwriting the original file, according to PCMag.

The flaw raised serious concerns that malicious actors could recover the original uncropped files, and therefore gain access to private information such as credit card details or passwords.

“Low” vulnerability

Microsoft said on Saturday, “We have released a security update for these tools via CVE-2023-28303. We recommend that customers apply the update.” Security updates can be downloaded by opening the Microsoft Store and clicking “Library” before “Get Updates”.

On its official Security Updates blog, Microsoft rates the vulnerability as “low” in severity because “successful exploitation requires uncommon user interaction and several factors beyond the attacker’s control”.

For a file to be exposed to the flaw, a user must take a screenshot, save it to a file, crop that file, and then save the edited file to the same location. Users can also see their files exposed if they open an image in the cropper, crop it, and then save the cropped file in the same location, Microsoft says.
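The defect described above comes down to how the cropped image is written back over the original. The following is an added example, not code from the article, from Microsoft or from PCMag, and it assumes the mechanism publicly described for aCropalypse: the editor writes the smaller cropped PNG into the existing file without truncating it, so the bytes of the original that lie past the end of the new file survive on disk. The two writer functions, the constructed sample images and the `trailing_bytes_after_iend` checker are all this example's own; the checker is the part a defender can reuse to audit already-shared screenshots for leftover data after the PNG `IEND` chunk.

```python
import os
import random
import struct
import tempfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: big-endian length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, seed: int = 1234) -> bytes:
    """Build a minimal, valid 8-bit grayscale PNG filled with deterministic pseudo-random
    pixels (constructed sample data; random pixels keep the size roughly proportional to
    the pixel count, so a 'cropped' image is reliably smaller than the 'original')."""
    rng = random.Random(seed)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)  # depth 8, colour type 0
    # Each scanline is a filter byte (0 = none) followed by `width` grayscale samples.
    raw = b"".join(b"\x00" + bytes(rng.getrandbits(8) for _ in range(width)) for _ in range(height))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def trailing_bytes_after_iend(png: bytes) -> int:
    """Walk the chunk list and return how many bytes follow the IEND chunk.
    A cleanly written PNG returns 0; anything larger means data is attached past the
    logical end of the image. Raises ValueError if the input is not a PNG or IEND is missing."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        pos += 8 + length + 4  # header + data + CRC
        if ctype == b"IEND":
            return len(png) - pos
    raise ValueError("truncated PNG: no IEND chunk found")


def overwrite_without_truncate(path: str, new_data: bytes) -> None:
    """The defect pattern (assumed, see lead-in): open the existing file for in-place
    writing and write shorter content. Bytes beyond len(new_data) are never touched."""
    with open(path, "r+b") as f:
        f.write(new_data)


def overwrite_with_truncate(path: str, new_data: bytes) -> None:
    """The correct pattern: 'wb' truncates the file to zero length before writing,
    so nothing of the previous content remains on disk."""
    with open(path, "wb") as f:
        f.write(new_data)


def demo() -> dict:
    """Save an 'original' screenshot, overwrite it with a smaller 'cropped' one using
    each writer, and report how many leftover bytes the checker finds in each case."""
    original = make_png(64, 64)
    cropped = make_png(16, 16)
    assert len(cropped) < len(original)
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        for name, writer in (("no_truncate", overwrite_without_truncate),
                             ("truncate", overwrite_with_truncate)):
            path = os.path.join(tmpdir, name + ".png")
            with open(path, "wb") as f:
                f.write(original)          # the full, unedited screenshot
            writer(path, cropped)          # the user saves the crop to the same location
            with open(path, "rb") as f:
                results[name] = trailing_bytes_after_iend(f.read())
    return results


if __name__ == "__main__":
    for name, leftover in demo().items():
        print(f"{name}: {leftover} byte(s) after IEND")
```

Running the script shows a non-zero count for the in-place overwrite and 0 once the file is truncated first; the same `trailing_bytes_after_iend` call can be pointed at any PNG you have already published to see whether it carries data past its logical end. Image viewers stop parsing at `IEND`, which is why the leftover bytes are invisible in normal use yet still present in the file.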

The vulnerability was first discovered on Google Pixel devices, and affected Pixel’s Markup tool. Google quickly patched the issue in its March security update.
