Cropping an image in Windows 11 is easy. Just grab the snipping tool and go to town. But what if we told you that a malicious actor can recover data from that cropped image? It’s a real thing that happens to Google Pixel users and apparently to Windows 11 PCs as well.
There have been reports of a new vulnerability called “Acropalypse”, which affects Google Pixel smartphone owners who crop images using Markup. Someone can recover parts of a previously cropped image, exposing compromising information such as credit card numbers. New reports indicate that the issue affects Windows 11 as well. By making minor changes to the exploit script used on Pixel phones, you can recover data from some images cropped with the Snipping Tool on Windows 11 and Snip & Sketch on Windows 10. The original Snipping Tool in Windows 10, which was largely unchanged from Windows 7, does not appear to be affected.
You can check this yourself quite easily. Open an existing screenshot with Snipping Tool, crop a small part of it and save it over the same file. Even though the visible image is much smaller, the file on disk is still the same size as before. That is the telltale sign: the tool writes the cropped image over the start of the original file without truncating it, so the tail of the original image data is left in place after the new image's end marker. What can be recovered from that leftover data is partial and often a jumbled mess, but enough can come back to make out text or numbers. If you're cropping sensitive information out of a screenshot like this, there's a non-zero chance that someone could get it back.
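The "same file size" check above can be made precise by parsing the PNG: a clean PNG ends at its IEND chunk, so any bytes after IEND are leftover data from whatever the file contained before. The script below is an added example, not code from the original post or from the Acropalypse researchers; it builds a constructed "original" PNG, builds a smaller "cropped" PNG, simulates a save that overwrites the original file without truncating it, and then reports how many bytes trail the IEND chunk. It only detects the leftover data; it does not attempt the zlib resynchronisation the real recovery script performs. The helper names (`make_png`, `trailing_bytes`, `overwrite_without_truncate`) are assumptions for this example.

```python
import struct
import sys
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def make_png(width: int, height: int, rgb: bytes) -> bytes:
    """Build a minimal valid 8-bit RGB, non-interlaced PNG (constructed test image)."""
    assert len(rgb) == width * height * 3
    # Each scanline is prefixed with filter type 0 (None).
    raw = b"".join(b"\x00" + rgb[y * width * 3:(y + 1) * width * 3] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def pseudo_random_bytes(n: int, seed: int = 12345) -> bytes:
    """Deterministic LCG output so the IDAT does not compress away (constructed pixel data)."""
    out = bytearray()
    s = seed
    for _ in range(n):
        s = (1103515245 * s + 12345) & 0x7FFFFFFF
        out.append((s >> 16) & 0xFF)
    return bytes(out)


def png_end_offset(data: bytes):
    """Walk the chunk list and return the offset just past IEND's CRC, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            return None
        if ctype == b"IEND":
            return end
        pos = end
    return None


def trailing_bytes(data: bytes):
    """Number of bytes after IEND. Anything > 0 means old image data may be recoverable."""
    end = png_end_offset(data)
    if end is None:
        return None
    return len(data) - end


def overwrite_without_truncate(old_file: bytes, new_image: bytes) -> bytes:
    """Simulate the buggy save: write the new image over the start of the old file, no truncate."""
    buf = bytearray(old_file)
    buf[:len(new_image)] = new_image  # the old tail beyond len(new_image) survives
    return bytes(buf)


def demo():
    """Return (original, cropped, what_ends_up_on_disk) for the constructed scenario."""
    original = make_png(64, 64, pseudo_random_bytes(64 * 64 * 3))
    cropped = make_png(8, 8, pseudo_random_bytes(8 * 8 * 3, seed=99))
    on_disk = overwrite_without_truncate(original, cropped)
    return original, cropped, on_disk


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Check a real file: python acro_check.py screenshot.png
        with open(sys.argv[1], "rb") as fh:
            n = trailing_bytes(fh.read())
        print("not a well-formed PNG" if n is None else f"{n} bytes after IEND")
    else:
        original, cropped, on_disk = demo()
        print(f"original {len(original)} bytes, cropped {len(cropped)} bytes, on disk {len(on_disk)} bytes")
        print(f"trailing bytes after IEND: {trailing_bytes(on_disk)}")
```

Run it with a file path to check a screenshot you have already cropped; a non-zero count means the file still carries data from before the crop. Re-saving the image with a tool that truncates the file, or exporting to a fresh filename, produces a PNG with zero trailing bytes.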
We’ve reached out to Microsoft for comment and will update this post if we hear back. For now, this appears to be an unpatched vulnerability, so be careful which screenshots you’re cropping and how you’re doing it.