Microsoft released two emergency updates to address the “aCropalypse” security gap which affects the native screenshot editing applications of Windows 10 and 11.
According to Bleeping Computer, the company began testing a patch for the vulnerability earlier this week, shortly after it was discovered by software engineer Chris Blume.
On Friday afternoon, Microsoft began publicly rolling out updates to the Windows 11 Snipping Tool as well as the Windows 10 Snip & Sketch app. You can manually request the updates from Windows by opening the Microsoft Store, clicking “Library” and then “Get updates”.
Microsoft recommends that all users install the updates.
The aCropalypse flaw was first discovered on Pixel devices by Google, which fixed it in the latest (March) Android security update.
In the case of the Windows 11 Snipping Tool, it turned out that the utility was not correctly replacing the clipped data in PNGs. This problem did not affect all PNG files, but there was concern that malicious users could exploit the vulnerability to recover edited images, particularly those that had been cropped to delete sensitive information.
As with Google's March Android update, Microsoft's updates will not protect images previously created with screenshot tools.