After the initial discovery regarding Pixel phones was shared, Twitter user Chris Blume released a report suggesting the same thing happened on Windows 11. Since then, David Buchanan (who wrote the article) original blog post explaining the vulnerability on Pixel phones) confirmed that it works almost identically to Windows 11’s Snipping Tool, although the app uses a different color scheme. You can verify this by looking at the file size, as the edited screenshot will likely be much larger since it includes information from the original image.
If you’re new to aCropalypse, it’s a vulnerability that allows most people to undo edits you’ve made to a screenshot, revealing information you may have cropped or blurred in your screenshots. Screenshots. When you edit the screenshot, you can save it with the same name as the original file, overwriting it. However, it turns out that Windows 11’s snipping tool doesn’t remove the original information from the file, but just leaves it appended to the end, in a way that’s not normally seen by users. With a few tricks, a potential attacker can retrieve hidden information from the file and see all the deleted information.
This is a pretty serious vulnerability because it’s not uncommon for users to crop or blur sensitive information in images of things you want to share. For example, if you share a screenshot of the order confirmation page on Amazon, it may include your address, and even if you clip it, it allows someone to potentially find the information. it by all means. You can also apply this logic to things like credit card numbers and other sensitive data.
Now that the vulnerability has been disclosed, a patch will hopefully be released soon. However, your existing edited screenshots will still be affected, so you may want to go back and take a look at anything that might reveal personal information, as attackers will certainly look for potential victims.