The Windows 11 Snipping Tool and Windows 10 Snip & Sketch Tool now have a flaw that preserves the portions of the image you crop instead of completely removing them. If the same file is accessed by the wrong person, this can cause trouble for users, especially those who frequently use these tools to crop sensitive and confidential photos such as credit cards, explicit images, documents, etc. The vulnerability, dubbed "acropalypse," can be used to recover "cropped" portions of a photo that appear to have been deleted during the cropping process. Experts first discovered this in the Google Pixel's markup tool, and they demonstrated it with the acropalypse screenshot recovery utility. Now, the same flaw is reportedly affecting the Windows 11 Snip Tool and Windows 10 Snip & Sketch tools. However, Microsoft has yet to provide any clarification on the issue.
Various experts, including Will Dormann (who also discovered ASLR vulnerabilities and zero-day vulnerabilities in Windows Mark of the Web tags) and David Buchanan (who discovered acropalypse in Google Pixel), were presenting evidence The problem was later confirmed. and provides a good technical explanation documenting this issue. According to the report and mentioned by another expert and software programmer Chris Blume, the Snipping Tool saves the cropped file "with all extra content added after the PNG IEND block," which means it preserves the data instead of ignoring them.
In a recent post, Dormann showed how the Snipping Tool preserves the file size of an image after it goes through the cropping process.
"When saving the file, Snipping Tool will overwrite the number of bytes required to save the edited image, leaving the remaining bytes unchanged," explained Dormann, who later showed a full breakdown of how to restore a cropped image. Step-by-step guide to using the image section of jpg.repair.
The above is the detailed content of This is why using Win11 Snipping Tool, Win10 Snip & Sketch is not ideal right now. For more information, please follow other related articles on the PHP Chinese website!