Microsoft scrambles to fix Windows 11 'aCropalypse' privacy-battering bug

Microsoft is said to be preparing to fix the high-profile "aCropalypse" privacy bug in its Snipping Tool for Windows 11.

Users can remove sensitive information or other parts of photos, screenshots, and other images by cropping them using the Snipping Tool app. The problem is that for the Windows 11 app - as well as Microsoft's Snip & Sketch cropping tool in Windows 10 - the file of the cropped image still includes the cropped-out portions, which can be recovered and viewed.

A similar flaw was found in Google's Markup image-editing app for its Pixel smartphones. According to reverse engineers Simon Aarons and David Buchanan - who named the bug aCropalypse - the problem has affected Pixel smartphones since 2018, when the 3 series came out. Google patched its code to avoid leaking cropped areas of images.

Then this week, Buchanan confirmed that the Windows Snipping Tool and Snip & Sketch software had the same issue. If a user cropped a photo or other image using the software and then saved the edited image over the original file, that file still contains the cropped-out portion. The area isn't visible when viewing the image using normal tools, but the data is still there in the file, and can be restored and viewed using appropriate recovery software.

We're saved ... soon!

A Windows Insider who goes by the handle XenoPanther observed that Microsoft may have fixed the problem already. The Windows giant created version 11.2302.20.0 of the Snipping Tool app - the current stable version is 11.2302.4.0 - and is releasing it in the Windows Insider Canary channel for testing.

The Register has asked Microsoft for a response and will add it to the story if one comes back.

It's unclear when Microsoft intends to release the updated Snipping Tool app to all users - or if a fix is coming for the flaw in Windows 10 - though the quick reaction to the initial report indicates that Redmond is eager to get this sorted quickly.

Meanwhile, if you've used Microsoft's code to crop your snaps and then shared them on, be aware someone with a copy of them might be able to recover the lopped-off portions. ®
