Android ‘Acropalypse’ screenshot bug turns out to be a Windows 0-day vulnerability – Ars Technica

Windows 10 and 11 have their own version of the Acropalypse screenshot editing error.

acropalypse.app/Andrew Cunningham

Earlier this week, programmer and “occasional security researcher” Simon Aarons disclosed a bug in Google’s Markup screenshot editing tool for Pixel phones. The bug, dubbed “acropalypse,” allows partial recovery of content that has been cropped out of an Android screenshot, which can be a problem if the cropped-out portion contained sensitive information.

Today, Aarons’ collaborator David Buchanan revealed that a similar bug affects the Snipping Tool app in Windows 11. As detailed by Bleeping Computer, which was able to verify the bug, all PNG files contain an “IEND” data chunk that tells software where the image file ends. A screenshot cropped with the Snipping Tool and then saved over the original (the default behavior) adds a new IEND chunk to the PNG image but leaves a bunch of the original screenshot’s data after the IEND chunk.

Buchanan says a copy of the script “with minor changes” can be used to read that data and restore it, partially recovering the portion of the image that was cropped out of the original screenshot. Buchanan is postponing publication of Windows-compatible versions of these scripts because Microsoft (unlike Google) has not had time to patch the vulnerability.

A cropped and then partially restored Windows screenshot, using a modified version of the acropalypse script. Not all photos are recoverable, but it still has the potential to expose confidential information.

Buchanan says the issue also affects the “Snip and Sketch” tool in Windows 10, the app that became the basis for the new Windows 11 Snipping Tool. The old Windows Vista-era Snipping Tool, which is still included as a separate app in Windows 10, is not affected by this bug.

Microsoft told Bleeping Computer that it was “investigating” the issue. Meanwhile, there are workarounds: re-saving the cropped image with another photo editing application seems to strip all the leftover data from the end of the file. And while the Snipping Tool also appears to leave data at the end of cropped JPEG files, current exploits only work with PNG images, not JPEGs.
