Users of Windows 11 should be aware of a vulnerability in the Snipping Tool app that can reveal sensitive information in screenshots even after they have been edited to crop or blur that information out. The vulnerability can be exploited by a remote attacker. It works in a manner analogous to the aCropalypse vulnerability, which was recently discovered and named by security experts after being found in Google’s Pixel smartphones.

When a screenshot is edited and saved using the Windows 11 Snipping Tool, the original information captured in the screenshot is not removed from the file. Instead, it is appended to the end of the file in a way that is hidden from the user. This means that attackers can retrieve the data hidden within the file and view the information that was edited out.
This is a serious problem because users frequently crop out or blur sensitive information, such as addresses, credit card numbers, and other personal details, in images that they share online. Because of the vulnerability in the Snipping Tool, attackers can still access that information even though it no longer appears in the edited screenshot. Any previously edited screenshots should be inspected for possible disclosure of private information, and steps should be taken to remove any data that was concealed in them.
The discovery of this vulnerability highlights how important it is to update software and devices routinely to keep them protected against security threats. When sharing sensitive information online, users should exercise caution and take extra precautions to ensure that personal information is not accidentally made public through screenshots or other means.
It is hoped that a patch for the vulnerability in the Snipping Tool will be released soon, but in the meantime, users should be aware of the potential risks.