Microsoft has released an update to fix a screenshot editing vulnerability in Windows 10 and 11 that allows threat actors to recover modified screenshot sections.
The security issue — called the “aCropalypse” — could allow threat actors to recover the modified portions of screenshots, potentially disclosing sensitive information that had been cropped out or masked, according to The Verge.
The issue affects both the Snip & Sketch application on Windows 10 and the Snipping Tool on Windows 11, according to Microsoft.
It does, however, only apply to photographs made using a very precise set of processes, including those that have been taken, saved, edited, and then saved over the original file, as well as the ones opened in the Snipping Tool, edited, and then saved to the same location, the report said.
Moreover, the security flaw has no effect on screenshots that have been updated before saving them, and it also has no effect on screenshots that have been copied and pasted into, for instance, the body of an email or document.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |