Reverse engineer David Buchanan has discovered that the Snipping Tool on Windows 11 is also vulnerable to the “Acropalypse” bug. When a screenshot taken with this tool is cropped and saved over the same file, the original image can still be recovered from the cropped image data. Even if only a portion of the image is cropped, this vulnerability poses a significant privacy and security risk. Attackers could potentially recover sensitive data such as passwords, credit card numbers, and bank account information from the original image.
Buchanan stated that the same exploit script, with slight modifications (the pixel format is RGBA instead of RGB), can reproduce the issue in the Microsoft Snip & Sketch tool that comes with Windows 10. However, the original Windows 10 Snipping Tool does not have this problem.
Microsoft has not yet commented on this issue. The “Acropalypse” bug previously appeared in the Google Pixel’s pre-installed photo editing tool Markup, and Google has since fixed the issue.