Microsoft has finally resolved the Acropalypse flaw in Windows 10 Snip & Sketch and Windows 11 Snipping Tool by releasing security updates that bring the Windows 11 Snipping Tool to version 11.2302.20.0 and Windows 10 Snip & Sketch to version 10.2008.3001.0. The updates are now available via the Microsoft Store.
Days ago, researchers found that the Acropalypse privacy flaw first reported in Google Pixel's Markup tool was also present in Microsoft's Windows 10 Snip & Sketch and Windows 11 Snipping Tool. When a cropped image is saved over the original file, the tools leave the data of the cropped-out parts in the file instead of removing it, so content the user meant to cut away can persist in the saved file. This is a concern in particular when the affected tools are used to crop sensitive images.
However, Microsoft rates Acropalypse, now tracked as CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability), as a low-severity vulnerability because of the specific conditions that must be met. In particular, the Redmond company explained that “successful exploitation requires uncommon user interaction and several factors outside of an attacker’s control.”
- The user must take a screenshot, save it to a file, modify the file (for example, crop it), and then save the modified file to the same location.
- The user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.
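As an added, defender-side check that is not part of the article or of Microsoft's advisory: the Python script below simulates the behaviour the article describes (a shorter cropped PNG written over the original file without truncating it) on a constructed sample image, and then detects the symptom in a file by counting bytes that follow the PNG IEND chunk. It assumes that the leftover data sits after IEND, which is how the bug presents in the public Acropalypse analyses.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    # A PNG chunk: 4-byte big-endian length, 4-byte type, data, CRC32 over type + data.
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    # Minimal valid 8-bit RGB PNG filled with zeros (a constructed sample, not a real screenshot).
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00" * (3 * width) for _ in range(height))  # filter byte + pixels per row
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def trailing_bytes_after_iend(data: bytes) -> int:
    """Walk the chunk list and return how many bytes follow IEND: 0 for a clean file, -1 if malformed."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 8-byte header + data + 4-byte CRC
        if end > len(data):
            return -1
        if ctype == b"IEND":
            return len(data) - end
        pos = end
    return -1  # no IEND chunk found


def simulate_overwrite_without_truncate(original: bytes, cropped: bytes) -> bytes:
    # Models the bug: the editor writes the shorter cropped file over the original but never truncates it,
    # so the tail of the original image stays on disk after the new IEND chunk.
    if len(cropped) >= len(original):
        return cropped
    return cropped + original[len(cropped):]


if __name__ == "__main__":
    original = make_png(200, 120)
    cropped = make_png(40, 30)
    on_disk = simulate_overwrite_without_truncate(original, cropped)
    print("clean cropped file, bytes after IEND:", trailing_bytes_after_iend(cropped))
    print("buggy overwrite, bytes after IEND:", trailing_bytes_after_iend(on_disk))
```

Running `trailing_bytes_after_iend` over a directory of saved screenshots flags files worth re-saving or deleting; a non-zero result means the file carries bytes beyond the end of the visible image.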