An update is also available for Windows 10 devices.
Microsoft has released a pair of emergency updates that address the "aCropalypse" security flaw found in its native screenshot editing apps for Windows 10 and 11. As BleepingComputer reports, the company began testing a patch for the vulnerability earlier this week, shortly after it was discovered by former software engineer Chris Blume.
On Friday evening, Microsoft began rolling out public updates for Windows 11's Snipping Tool as well as Windows 10's Snip & Sketch app. You can manually prompt Windows to fix the app you're using by opening the Microsoft Store and clicking "Library" and then "Get updates." Microsoft recommends that all users install updates.
The aCropalypse bug was first discovered on Pixel devices and was subsequently addressed by Google in the recent March Android security update. In the case of the Windows 11 Snipping Tool, it turned out that the tool did not properly overwrite the clipped PNG data. The problem did not affect all PNG files, but the concern was that bad actors could use the vulnerability to partially restore edited images, especially those that had been cropped to omit sensitive information. As with Google's March Android update, Microsoft's patches will not protect images that were previously created using screenshot tools.
It's not just Android phones that are vulnerable to the screenshot security flaw. Developer Chris Blume has discovered that the Snipping Tool in Windows 11 will fall victim to a similar exploit. The tool does not completely delete unused PNG image data, allowing you to recover part of the cropped image and potentially recover sensitive data. As BleepingComputer verified with researcher David Buchanan, you can extract the supposedly hidden information using a slightly modified version of the script used to demonstrate the Android vulnerability.
The issue does not affect some PNG files, including optimized images. You can also clear the unused data by saving the cropped image as another file in the image editing tool. JPEG files also leave data from the original screenshot, but the exploit is not known to work with the format at this stage.
We've reached out to Microsoft for comment and will let you know if we hear back. In a statement to BleepingComputer, Microsoft says it is "investigating" the security reports and will "take action as necessary" to protect users.
Buchanan and programmer Simon Aarons recently found a fatal "aCropalypse" bug in the Markup screenshot feature on Google Pixel phones. While Google has since patched the security hole with its March update (now extended to Pixel 6 phones), the fix only applies to images created after the patch was installed. Assuming Microsoft releases a corresponding Windows 11 update, existing images may have the same problem.
The concern, as you might guess, is that an intruder with access to your images can use the script to recover information you want to hide, such as contacts and trade secrets. The perpetrator could use this information for harassment, blackmail or espionage. While this might not be as much of a problem for locally stored screenshots (you have bigger problems if an attacker already has access to your device), it can be very problematic for unedited images that you store in the cloud.