Microsoft has issued emergency fixes to patch the “aCropalypse” Windows 10 and 11 security flaw that allowed malicious actors to reveal the unedited contents of a cropped screenshot.
As Bleeping Computer reports, the privacy vulnerability was caused by Windows 11's Snipping Tool and Windows 10's Snip & Sketch app overwriting the original file in place without truncating it, so data from the original, uncropped image remained at the end of the file after the cropped image.
The flaw, noticed by retired software engineer Chris Blume, raised serious concerns that bad actors could recover the original uncropped image and thereby access private information such as credit card details or passwords.
In a statement to Bleeping Computer about the bug, tracked as CVE-2023-28303, Microsoft said Saturday: "We have released a security update for these tools via CVE-2023-28303. We recommend customers apply the update."
The security updates can be installed by opening the Microsoft Store, selecting "Library," and then clicking "Get Updates."
According to security researchers who spoke to Bleeping Computer, the number of public images affected by the aCropalypse bug is likely to be "much higher" than 4,000.
On its official blog for security updates, Microsoft rated the vulnerability "low" in severity because "successful exploitation requires uncommon user interaction and several factors outside of an attacker's control."
For a file to be exposed to the flaw, a user must take a screenshot, save it to a file, crop that file, and then save the cropped version to the same location. Users can also have their files exposed if they open an existing image in Snipping Tool, crop it, and then save the cropped file to the same location, Microsoft said.
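Installing the update stops new files from being affected, but it does nothing for cropped screenshots saved before the patch. The script below is an added example (it is not code from Microsoft, PCMag, or Bleeping Computer) that checks whether a PNG carries bytes after its IEND chunk, the telltale of a file that was overwritten in place without truncation, and that can truncate such a file at IEND. It assumes the standard PNG chunk layout and that any leftover data sits after the cropped image's IEND chunk; the make_png and simulate_overwrite_without_truncate helpers and the sample files they build are constructed for this demonstration only.

```python
"""Check PNG files for leftover data after the IEND chunk (added example)."""
import random
import struct
import sys
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Encode one PNG chunk: big-endian length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png(width: int, height: int, seed: int = 0) -> bytes:
    """Constructed sample: a valid 8-bit RGB PNG filled with seeded pseudo-random pixels
    (random pixels do not compress, so the file size tracks the image size)."""
    rng = random.Random(seed)
    rows = b"".join(
        b"\x00" + bytes(rng.getrandbits(8) for _ in range(width * 3))  # filter byte + RGB row
        for _ in range(height)
    )
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")


def simulate_overwrite_without_truncate(original: bytes, cropped: bytes) -> bytes:
    """Model the buggy save (assumption for this demo): the cropped bytes are written at
    offset 0 of the old file with no truncation, so the old file's tail survives."""
    return cropped + original[len(cropped):]


def png_iend_end_offset(data: bytes) -> int:
    """Walk the chunk stream and return the offset just past the first IEND chunk.
    Raises ValueError for anything that is not a well-formed PNG chunk stream."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4  # header + payload + CRC
        if chunk_end > len(data):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        if ctype == b"IEND":
            return chunk_end
        pos = chunk_end
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Bytes after IEND: 0 for a clean file, >0 means leftover data is present."""
    return len(data) - png_iend_end_offset(data)


def sanitize(data: bytes) -> bytes:
    """Drop everything after IEND. This only fixes the local copy; copies already
    uploaded or shared still carry the leftover data."""
    return data[:png_iend_end_offset(data)]


if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:  # no arguments: run the constructed demonstration
        original = make_png(64, 64, seed=1)
        cropped = make_png(8, 8, seed=2)
        leaked = simulate_overwrite_without_truncate(original, cropped)
        print(f"clean cropped file: {trailing_bytes(cropped)} trailing bytes")
        print(f"overwritten file:   {trailing_bytes(leaked)} trailing bytes")
        print(f"after sanitize():   {trailing_bytes(sanitize(leaked))} trailing bytes")
    for path in paths:
        with open(path, "rb") as fh:
            blob = fh.read()
        try:
            extra = trailing_bytes(blob)
        except ValueError as exc:
            print(f"{path}: not checked ({exc})")
            continue
        print(f"{path}: {'SUSPICIOUS' if extra else 'clean'} ({extra} bytes after IEND)")
```

Run it with no arguments to see the constructed case, or pass one or more .png paths to check real screenshots. A non-zero trailing byte count is a reason to treat the file as exposed; sanitizing is only worthwhile for files that have not left the machine, since anyone who already has a copy still has the leftover data.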
Read more on pcmag.com