Microsoft finally released security updates for the Windows 11 Snipping Tool and Windows 10 Snip & Sketch applications last night, after testing them thoroughly. The updates resolve the Acropalypse privacy vulnerability.
The latest version released for Windows 11 Snipping Tool is 10.2008.3001.0 and for Windows 10 Snip & Sketch is 11.2302.20.0. To install the latest updates, one can visit the Microsoft Store Library.
Microsoft Released OOB Security Windows Updates for Snipping Tool Error
The Acropalypse vulnerability began affecting Windows 11 and Windows 10 users a week ago, making it possible to partially recover edited-out content from a photo. The bug was initially detected in Google Pixel's Markup Tool.
The bug retained the original image's raw data even after the image was edited or cropped. As a result, Microsoft's built-in tools failed to remove the sensitive image data from the original file, so private information that the user intended to edit out in the first place could be recovered from the leftover raw data.
For example, the image below shows some extra data after the IEND file marker in the raw data. The IEND marker normally denotes the end of a PNG file, so there shouldn't be any data after it. With the help of this additional data, an attacker can recover cropped-out information such as account numbers or other personal details.
Microsoft tracked this security flaw as CVE-2023-28303 and named it "Windows Snipping Tool Information Disclosure Vulnerability". It impacted thousands of public images; VirusTotal is believed to be hosting 4,000 such affected photos.
The company classified this incident as a low-risk threat because it requires uncommon user interaction that is beyond the attacker's control. Also, if such images were never made public, there was no possibility of sensitive information leaking unless the user's device was hacked.