

A recent discovery involving Google’s Pixel phones has raised concerns about the security of sharing edited screenshots. This issue, known as “aCropalypse,” occurs when sensitive information is unintentionally revealed through screenshots even after the user has edited or blurred it out. As it turns out, Google isn’t the only one facing this problem – Microsoft’s Windows 11 Snipping Tool has been found to have a similar vulnerability, putting users’ private information at risk when they take screenshots. Here are the details…

Windows 11 Snipping Tool vulnerability can reveal sensitive information in screenshots

The aCropalypse vulnerability allows threat actors to undo edits made on a screenshot, revealing sensitive information that the user intended to crop out or blur. When editing a screenshot, users often save the edited image with the same name as the original file, inadvertently overwriting it. However, the Windows 11 Snipping Tool does not delete the original information from the file but merely appends it at the end, making it invisible to the average user. With some technical know-how, an attacker can retrieve the hidden information from the file and gain access to the edited-out content.

Twitter user Chris Blume reported the vulnerability in the Windows 11 Snipping Tool, sparking further investigation. David Buchanan, who initially uncovered the aCropalypse vulnerability in Pixel phones, has since confirmed that the Windows 11 Snipping Tool works in a similar way, although it uses a different color model. The file size of edited screenshots can also provide clues about the vulnerability, as these images are often larger due to the inclusion of information from the original image.

This vulnerability poses a serious threat, as users frequently crop out or blur sensitive information in images before sharing them. For instance, a user might share a screenshot of an order confirmation page from Amazon, removing their address before posting. However, this vulnerability could allow an attacker to retrieve the cropped-out information, including addresses, credit card numbers, and other sensitive data.

With the vulnerability now public knowledge, it is expected that a fix will be issued soon. However, existing edited screenshots will still be affected, so users should reevaluate any images that might contain sensitive information.
