SoylentNews is people

posted by janrinok on Tuesday March 28, @11:02AM

Microsoft to fix Windows 11 'aCropalypse' privacy failure:

Updated Microsoft is said to be preparing to fix the high-profile "aCropalypse" privacy bug in its Snipping Tool for Windows 11.

Users can remove sensitive information or some other parts of photos, screenshots, and other images by cropping them using the Snipping Tool app. The problem is that for the Windows 11 app – as well as Microsoft's Snip & Sketch cropping tool in Windows 10 – the file of the cropped image still includes the cropped out portions, which can be recovered and viewed.

A similar flaw was found in Google's Markup image-editing app for its Pixel smartphones. According to reverse engineers Simon Aarons and David Buchanan – who named the bug aCropalypse – the problem affects Pixel smartphones since 2018, when the 3 series came out. Google patched its code to avoid leaking cropped areas of images.

Then this week, Buchanan confirmed that the Windows Snipping Tool and Snip & Sketch software had the same issue. If a user cropped a photo or other image using the software and then saved the edited image over the original file, that file still contains the cropped-out portion. The area isn't visible when viewing the image using normal tools, but the data is still there in the file, and can be restored and viewed using appropriate recovery software.

Steven Murdoch, a professor of security engineering at the UK's University College London, shared some thoughts here on the underlying issue within Windows, specifically its latest Save File API, which he described as "defective by design."

[...] Meanwhile, if you've used Microsoft's code to crop your snaps and then shared them on, be aware someone with a copy of them might be able to recover the lopped-off portions. ®


  • (Score: 3, Interesting) by Runaway1956 on Tuesday March 28, @02:41PM (1 child)


    If a user cropped a photo or other image using the software and then saved the edited image over the original file

    Easy solution, right? Instead of saving your edited file on top of the old file, create a new file. I don't do much of this type of thing, but I always create a new file, instead of saving the old file. I would much rather have 26 versions of the same file, from which I can pick and choose, than to lose access to the original. Added benefit here, random people can't recover the data you erased, or peek under the stuff you added to the file.

  • (Score: 0) by Anonymous Coward on Tuesday March 28, @03:33PM


    Is there anyone here with suitable tools (and a Win 10/11 machine) to confirm that "saving as" to a new file fully removes the cropped portion of the original snip? Given that this is Windows, it may or may not work as expected...