Researchers Discover Privacy Flaw in Windows 11 Snipping Tool That Could Leak Sensitive Data in Screenshots


Security researchers have found a new vulnerability in the Snipping Tool app available in Windows 11. The security flaw, dubbed aCropalypse, could allow threat actors to reveal sensitive information that was blurred or cropped out of screenshots.

Snipping Tool is a built-in screenshot-capturing tool that comes with the Windows operating system. In Windows 11, Microsoft introduced a new version that replaced the legacy Snipping Tool and Snip & Sketch apps. The new Snipping Tool app provides more features and options for taking and editing screenshots without using third-party software.

The aCropalypse vulnerability was first discovered by software engineers Chris Blume and David Buchanan in the Windows 11 Snipping Tool. As it turns out, the Snipping Tool doesn’t delete the original information from the edited file. Typically, the data is appended at the end of the edited screenshots in such a way that it remains invisible to Windows 11 users. However, any threat actor could exploit the vulnerability to retrieve the hidden information.


Microsoft to fix the Windows 11 Snipping Tool vulnerability

Fortunately, Microsoft’s engineers are investigating the security flaw and a fix should be available soon. “We are aware of these reports and are investigating. We will take action as needed to help keep customers protected,” a Microsoft spokesperson said in a statement to BleepingComputer.

In the meantime, it’s highly recommended to use alternative image editing tools (such as Adobe Photoshop) on Windows 11 PCs. It’s also important to implement access controls and encryption measures to block unauthorized access to sensitive information. These measures should significantly reduce the risk of data breaches that could reveal personal data, including credit card information and phone numbers.