The bug allows information from a cropped image to be recovered and viewed.
Microsoft appears to have fixed a major bug in the Windows 11 Snipping Tool, according to a report in BleepingComputer. The bug, known as the ‘aCropalypse’ privacy flaw, allows the partial restoration of cropped images.
With the Snipping Tool app, Windows users can remove sensitive information or other parts of photos, screenshots, and other images by cropping them. However, as was reported by a Windows Insider named XenoPanther, the problem is that with the Windows 11 app – as well as Microsoft’s Snip & Sketch cropping tool in Windows 10 – the file of the cropped image still includes the cropped-out portions.
The exact workings of the vulnerabilities differ slightly between Windows 10 and 11, but the end result is the same: potentially sensitive “cropped” data can still be recovered and viewed.
BleepingComputer has now confirmed that, in the latest release of Windows 11, Microsoft has fixed the bug, in which cropped image data was not removed when changes were saved to the original file. BleepingComputer also reports, however, that the bug remains in Windows 10.
A similar flaw in Google Pixel devices
Last week, a new security vulnerability was also disclosed for Google Pixel devices that allows deleted content from cropped images to be partially restored. This flaw is considered a privacy risk because it’s common to remove sensitive information from a photo by cropping it. This could be a wide variety of info, including confidential information from a document, location-identifying information, faces in a nude picture, or sensitive URLs in a browser screenshot.
BleepingComputer reports that, according to reverse engineers Simon Aarons and David Buchanan – who named the bug aCropalypse – the problem has affected Pixel smartphones since 2018, when the 3 series came out. The report confirms, however, that Google has since patched its code to avoid leaking cropped areas of images.