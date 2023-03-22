Recently, there has been a lot of buzz about the aCropalypse vulnerability in the screenshot tool for Google Pixel phones, which could lead to the disclosure of sensitive information through screenshots even without the user’s awareness. It turns out, however, that this problem isn’t unique to Google, as the same problem is encountered in Windows 11’s Snipping Tool app.

If you are not familiar with aCropalypse, here is a brief introduction. This is a bug that allows almost anyone to undo the edits you’ve made on the screenshot, thereby cropping, smearing, or blurring information that you may have already cut off from the screenshot. When editing a screenshot, you may simply overwrite the original image file with the same name as the original screenshot file, but it turns out that the Windows 11 Snipping Tool does not remove the original information from the file, it just appends it to the end. While usually the user cannot see how it works, there are a few tricks that attackers can use to retrieve your hidden information from files and view anything that has been edited out.

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel’s inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout! pic.twitter.com/BXNQomnHbr — Simon Aarons (@ItsSimonTime) March 17, 2023

After Twitter user Chris Blume shared his original findings about the Pixel phone vulnerability, he also attached a report showing that the same thing happened on Windows 11. Since then, David Buchanan, who wrote the original blog post explaining the Pixel phone bug, has confirmed that the Windows 11 Snipping Tool and the Pixel Snipping Tool work almost identically, despite using a different color model. You can verify this by looking at the file size, edited screenshots can be much larger due to the inclusion of information from the original image.

holy FUCK. Windows Snipping Tool is vulnerable to Acropalypse too. An entirely unrelated codebase. The same exploit script works with minor changes (the pixel format is RGBA not RGB) Tested myself on Windows 11 https://t.co/5q2vb6jWOn pic.twitter.com/ovJKPr0x5Y — David Buchanan (@David3141593) March 21, 2023

This is a very serious vulnerability considering how common it is for users to crop or blur or smear sensitive information in image content they want to share. For example, if you share a screenshot of an e-commerce platform order with your friends, it may contain your address, even if you cut it off, it may be found by someone who is interested. The same logic applies to others including ID number, credit card number, etc. To demonstrate how this vulnerability works, Simon Aarons has set up a tool website that allows you to test the issue. Just feed it a PNG screenshot that has been smudged with the Markup tool in your Pixel phone (in the photo album, see image below), and it will try to recover other data it finds in the image. What can be recovered varies, but this can range from removing blurry details to providing more of an image by restoring cropped parts.

Now that the vulnerability has been revealed to the public, I hope that Google and Microsoft can release a fix as soon as possible, but even if it is patched now, the edited screenshots that are currently in the computer will still be affected, so you may need to check for any possible exposure of personal privacy information, and permanently delete unwanted photos with sensitive information attached.