Android ‘Acropalypse’ screenshot bug turns out to be a Windows 0 vulnerability – Ars Technica

Earlier this week, programmer and “occasional security researcher” Simon Aarons exposed a bug in Google’s Markup screenshot editing tool for Pixel phones. The bug, dubbed “acropalypse,” allows partial recovery of content you’ve cropped from your Android screenshot, which can be problematic if you’ve deleted sensitive information.

Today, Aarons collaborator David Buchanan, open A similar bug affects the Snipping Tool app in Windows 11. As Detailed by Bleeping Computerwhich was able to check for the error, all PNG files contain “IEND” data segment It tells the program where the image file ends up. Screenshot cropped with the Snipping tool and then saved over the original (default behavior) Adds a new IEND clip to the PNG image but leaves a bunch of original screenshot data after IEND piece.

Buchanan says a copy of the script “with minor changes” can be used to read that data and restore it, partially restoring the portion of the image you cut out from the original screenshot. Buchanan isPostpone publicationWindows compatible versions of these scripts because Microsoft (unlike Google) didn’t have time to patch the vulnerability.

Buchanan says the issue also affects the “Snip and Sketch” tool in Windows 10, the app that became the basis for the new Windows 11 Snipping Tool. The old Windows Vista-era Snipping Tool, which is still included as a separate app in Windows 10, is not affected by this bug.

Microsoft told Bleeping Computer that it was “investigating” the issue. Meanwhile, there are workarounds – re-save the cropped image with another photo editing application that seems to extract all the data from the end of the file. And while the trimmer appears to leave data at the end of cropped JPEG files, current exploits only work with PNG images, not JPEGs.