Windows 11 Security Vulnerability Exposes Cropped-Out Screenshot Data, Researchers Find

The screenshot security hole affects more than just Android smartphones. Developer Chris Blume has found that the Snipping Tool in Windows 11 is vulnerable to a related flaw: when a cropped screenshot is saved, the utility leaves part of the cropped-out image data in the file, so some of the original content can be recovered and sensitive information potentially extracted. Researcher David Buchanan confirmed to BleepingComputer that a slightly modified version of the script used to demonstrate the Android vulnerability can extract the supposedly removed data.

Some PNG files are unaffected, notably images that have been run through an optimiser, which re-encodes the file and discards the leftover data. You can also erase the unused data by saving the cropped image as a new file in an image editing program. JPEG files saved by the tool also retain data from the original screenshot, but as of yet the recovery technique is not known to work with that format.
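The practical check a defender wants here is simple: a well-formed PNG ends at its IEND chunk, so any bytes after IEND are leftover data that should not be there. The script below is an added example, not code from the page, from Blume, or from Buchanan. It builds two constructed PNGs (a larger "original" and a smaller "cropped" one), simulates the reported failure mode by writing the cropped file over the original without truncating it (the assumption behind the simulation; the real tool's internals are not shown on this page), measures how many bytes survive past IEND, and then sanitises the file by truncating it at IEND, which is equivalent to the "re-save as a new file" advice above. It does not attempt to reconstruct the original pixels.

```python
import os
import random
import struct
import tempfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, rgb: bytes) -> bytes:
    """Build a minimal 8-bit RGB PNG (one IDAT chunk, filter type 0 on every row)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(
        b"\x00" + rgb[y * width * 3:(y + 1) * width * 3] for y in range(height)
    )
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(rows)) + png_chunk(b"IEND", b""))


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # header + payload + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Number of bytes after IEND; anything above zero is leftover data."""
    return len(data) - png_end_offset(data)


def simulate_flawed_save(path: str, new_png: bytes) -> None:
    """Overwrite an existing file in place without truncating it (assumed failure mode).

    'r+b' rewrites the first len(new_png) bytes and leaves the rest of the old file intact.
    """
    with open(path, "r+b") as f:
        f.write(new_png)


def sanitize(path: str) -> int:
    """Truncate the file at IEND; returns how many leftover bytes were removed."""
    with open(path, "rb") as f:
        data = f.read()
    end = png_end_offset(data)
    with open(path, "wb") as f:  # 'wb' truncates, so nothing survives past IEND
        f.write(data[:end])
    return len(data) - end


def demo() -> dict:
    """Constructed scenario: a 64x64 screenshot is 'cropped' to 8x8 and saved over itself."""
    rng = random.Random(1)  # deterministic, noisy pixels so the original compresses poorly
    original = make_png(64, 64, bytes(rng.randrange(256) for _ in range(64 * 64 * 3)))
    cropped = make_png(8, 8, bytes(rng.randrange(256) for _ in range(8 * 8 * 3)))

    path = os.path.join(tempfile.mkdtemp(), "screenshot.png")
    with open(path, "wb") as f:
        f.write(original)
    simulate_flawed_save(path, cropped)

    with open(path, "rb") as f:
        on_disk = f.read()
    leftover = trailing_bytes(on_disk)  # bytes of the original still in the file
    removed = sanitize(path)
    with open(path, "rb") as f:
        clean = f.read()

    return {
        "original_size": len(original),
        "cropped_size": len(cropped),
        "leftover": leftover,
        "removed": removed,
        "clean_size": len(clean),
        "clean_leftover": trailing_bytes(clean),
    }


if __name__ == "__main__":
    print(demo())
```

Running `trailing_bytes` over a directory of screenshots is a quick way to triage which files carry leftover data before deciding what to re-save or pull from shared storage; a non-zero result means the bytes are present, not that they are necessarily decodable.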

We have contacted Microsoft for comment and will update this story when we hear back. In a statement to BleepingComputer, Microsoft said it is "investigating" the reports and will "take action as needed" to protect users.

Buchanan and programmer Simon Aarons recently discovered the serious "aCropalypse" bug in the Markup screenshot editor on Google Pixel phones. Although Google has now fixed the flaw with its March update (which has since been extended to Pixel 6 phones), the fix only applies to images edited after the patch was applied. Existing images would likewise remain exposed if Microsoft delivers a comparable Windows 11 update.

As you might expect, the worry is that an attacker with access to your screenshots could use a script to recover information you meant to keep private, such as contacts or trade secrets, and use it for espionage, blackmail, or harassment. For locally stored screenshots this may not be a major problem (you have bigger issues if an attacker already has access to your device), but for cropped screenshots you have uploaded as-is to the cloud, it could be highly problematic.