If you’ve been using a certain cropping tool in Windows 11, you should be aware of a bug that was just found and that analysts say is a serious privacy issue.
Users can easily edit and crop screenshots with Microsoft’s Snipping Tool, but new research shows that the tool has a software flaw that lets a hacker recover part of the original, unedited versions of those images. The tool is supposed to erase the data for the cropped-out parts of an image, but it isn’t doing that. Instead, Snipping Tool keeps the data in the saved file, where a simple script can use it to bring back the parts of the image that were supposed to be removed.
David Buchanan and Simon Aarons, two security researchers, recently found the bug and gave it the name “aCropalypse.” They first found that it affected a different cropping tool, the Google Pixel’s Markup Tool. In that case, Buchanan and Aarons found that they could get back pictures that had been changed with Markup. Today, another researcher named Chris Blume found that Microsoft’s Snipping Tool is also affected by the same bug.
The worry here is that whoever can take advantage of this bug might be able to get sensitive information from the images that are affected. So, I guess you should be worried if you’ve been using Microsoft’s snipper to edit pictures of secret documents, financial information, or your naked body. Buchanan writes in a blog post about how he tested the recovery methods on his own Pixel Markup-edited photos and slowly realised how dangerous this software flaw could be:
“The worst time was when I posted a cropped screenshot of an eBay order confirmation email that showed the product I had just bought. With the exploit, I was able to remove the cropping from that screenshot and show my full mailing address (which was also present in the email). That’s not very good!”
The technical details of how the leftover data can be used to help recover images are a bit complicated, but Bleeping Computer notes that researchers were able to do it with a simple Python script for Microsoft’s Snipping Tool. In the case of the Pixel, researchers have set up a page where you can check to see if your cropped PNG images can be recovered. Since the bug was only found a few weeks ago and wasn’t made public until a few days ago, it doesn’t seem like it was too hard to set up that portal.
Gizmodo has asked Microsoft about the security problem. If they respond, this story will be updated.