Windows 11 Snipping Tool Vulnerability Exposes Sensitive Data

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 22, 2023 08:49 am PST

The Windows Snipping Tool has also been discovered to be vulnerable to a serious privacy problem known as “acropalypse,” which enables users to partially recover content that has been cut out of an image. David Buchanan and Simon Aarons, two security researchers, found a problem in Google Pixel’s Markup Tool last week that allowed the original image data to be kept even after it was altered or cropped off.

This issue raises serious privacy concerns. If a user publishes a picture, such as a credit card with a redacted number or revealing images with the face cropped off, retrieving some of the original images would be feasible. The researchers constructed an online tool called acropalypse screenshot recovery to try and recover modified images made on Google Pixel in order to demonstrate this problem.

Snipping Tool For Windows 11 & 10 Was Also Affected

Chris Blume, a software expert, has confirmed that the Windows 11 Snipping Tool is likewise vulnerable to the “acropalypse” privacy bug. When a file is opened with the Windows 11 Snipping Tool, and an existing one is overwritten, the unused data is left behind rather than truncated, allowing for partial recovery.

Vulnerability specialist Will Dormann also validated the Windows 11 Snipping Tool problem with Dormann’s assistance. We used the Windows 11 Snipping Tool to open an existing PNG image, crop it (you can also edit or mark it up), and then save the modifications to the original file to test this. The photos below show both the uncropped originals and the results.

The original image file’s file sizes (office-screenshot-original.png) and cropped image file (office-screenshot.png), as can be seen below, are the same, even though the cropped image now has far fewer data than the original.

According to the PNG format specification, a PNG image file must always finish with an ‘IEND’ data chunk. Image editors and viewers discard any further data inserted after this point. The Windows 11 Snipping Tool did not properly truncate the unused data, and it is still present after the IEND data block after replacing the original image with the cropped version.

Anything following the initial IEND is disregarded, so when you open the file in an image viewer, all you see is the cropped image. The original image can be partially recreated using the untruncated data, albeit this could expose private areas of the image.

Although Buchanan shared a Python script with BleepingComputer that can be used to recover Windows files, the researcher’s online acropalypse screenshot recovery software does not yet support Windows files.

Consider cropping off portions of an image or sensitive data when you screenshot a private document, a nude photo, or a sensitive spreadsheet. Even if you are unable to restore the original image completely, someone can recover private information that you do not want to be made public.

It should be noted that this vulnerability does not affect all PNG files, including optimized PNGs. According to Buchanan, “Your initial PNG was saved with a single zlib block (typical for “optimized” PNGs), but genuine screenshots are saved with several zlib blocks (which my attack requires).

Additionally, suppose an untruncated PNG file is opened in an image editor like Photoshop and saved to another file. In that case, the unused data at the end will be stripped off and rendered unrecoverable.

Last but not least, the Windows 11 Snipping Tool behaves the same way while working with JPG files, leaving data intact if overwritten. But his attack does not presently work on JPGs.

Microsoft acknowledged the accusations and said they were looking into them. “We are looking into these claims and are aware of them. We will act as soon as necessary to assist protect users “a representative for Microsoft informed.


In a recent study, Microsoft’s Snipping Tool for Windows 11 and the Snip & Sketch tool in Windows 10 was found to be more effective than a flaw that could let third parties access private data. David Buchanan found that if a screenshot was captured, saved, cropped, and then saved once again, the data may still be available in the file, and with a few “small adjustments,” the information might be obtained.

Despite the vulnerability being fairly limited, Buchanan cautions that information users may have thought they had destroyed could still be available online. This discovery comes after a prior revelation by Buchanan and researcher Simon Aarons about the “acropalypse” vulnerability of Pixels, highlighting the danger of sensitive information is kept intact in photos made using the tool. Microsoft has announced that they are aware of the problem, are looking into it, and will take steps to protect their consumers.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x