A new problem has been discovered in Microsoft's image cropping tool in Windows 10 and 11. Researcher David Buchanan has published his findings on his Twitter account.
The post shows that Buchanan took a screenshot with the Microsoft Windows 11 Snipping Tool and saved it. He then cropped the image and saved it to the same file, showing that the “cropped” data was not deleted.
Dubbed “aCropalypse,” this security flaw means someone could recover data from the cropped part of the image. Buchanan stated, “The same exploit script works with minor changes (even if the pixel format is in RGBA rather than RGB).” In a later post he added that the same problem is found with Microsoft's Snip & Sketch tool included with Windows 10, but not with the original Windows 10 snipping tool.
These exploits could theoretically be used by hackers to reveal sensitive information that had been cropped out of images, such as passwords, credit card numbers, bank accounts and more. So far, Microsoft has not said anything about this problem.
