Windows 11’s Snipping Tool has a vulnerability that can let hackers retrieve at least a part of the information that has been cropped out from an image. The issue is similar to the one that affects Google’s Markup tool in its Pixel smartphones.
To recall, developers Simon Aarons and David Buchanan last week pointed out that Google’s Markup tool has a bug that can let hackers retrieve at least part of the information in edited screenshots. The issue stems from the fact that the Markup tool saves the screenshot and the edited image in the same folder without overwriting or replacing the old image with the new image, which in turn makes it possible to retrieve the edited details. Or at least a part of it.
Now, developer Chris Blume has confirmed that a similar issue exists with Windows 11’s snipping tool. Essentially the tool instead of truncating any unused data after overwriting an existing file, leaves it behind. This unused data can then be used to recover the original image at least partially.
Security researcher Will Dormann in a thread on Twitter explained that the bug is simple to test. All users need to do is open an image with Snipping tool and crop it to make it smaller before saving it. On comparing the original image size with that of the cropped image, it’s easy to understand that the tool saves a part of the cropped-out data, which can be used later to recreate or retrieve a part of the original image.
“When saving over a file, Snipping Tool will overwrite the number of bytes required to save your edited image, leaving the remaining bytes intact,” he wrote in his Twitter thread.
What’s equally worrisome is that this bug not only affects Snipping tool in Windows 11 but it also affects the Snip and Sketch tool in Windows 10. This means all the Windows 10 and Windows 11 users are vulnerable to this bug, that is, if they use it.
1. Copy an image (to have a backup)
2. Open one with Snipping tool
3. Crop it to make it much smaller
4. Click the Save icon
5. Compare file sizes of cropped and original
6. Wonder about the world that you live in https://t.co/2V3totEqw6 pic.twitter.com/g19MTxlzN1
— Will Dormann (@wdormann) March 21, 2023
Bleeping Computer notes that this issue persists not only with PNG images but also with JPG images. Thankfully, Microsoft is aware of these reports, and it is investigating the matter. So, a fix for this bug should be out shortly.Get latest Tech and Auto news from Techlusive on our WhatsApp Channel, Facebook, X (Twitter), Instagram and YouTube.
Author Name | Shweta Ganjoo