- Snipping Tool vulnerability keeps original image data after cropping.
- Researchers found that the flaw affects the app on Windows 11 and 10.
- Microsoft is aware of the problem and is working on a resolution.
Researchers have found that the screenshot app for Windows 11 (and 10), known as Snipping Tool, has a bug: it doesn’t remove from the file the parts you cropped out, making it easier for hackers to gain access to the parts of an image you didn’t want others to see.
According to David Buchanan on Twitter, the original information may remain in the file when you use the Snipping Tool to take a screenshot, save the file, crop the image, and then save the file again.
Although this is a privacy concern, it’s not the case that anyone could access the original image since they would need specially crafted code to view the data. Also, the vulnerability only appears when you save the file, then crop and save again. If you take a screenshot with Snipping Tool and edit the image before saving it, the app will not save the original data.
The Snipping Tool is not the only app with this problem. Researchers recently also discovered that the cropping tool available on Google Pixel devices doesn’t remove the parts the user crops out from an image. Furthermore, it has also been said that the same code to see the rest of an image cropped by a Pixel device (with little modification) can be used to reveal the information from a screenshot taken by the Snipping Tool.
In a comment to The Verge, Microsoft has said that it’s aware of the reports, is investigating, and plans to take action accordingly to protect customers’ data.
Update March 23, 2023: Microsoft has identified the issue and has already created an update to resolve the problem. The Snipping Tool version 11.2302.20.0 containing the fix is currently available to participants with computers enrolled in the Windows Insider Program. Once the patch has proven to be effective and there aren’t other issues, the company will roll out the update to everyone with devices running Windows 11 or Windows 10.