Microsoft issued an emergency security update late on Friday that fixes the flaws in the Windows 11 Snipping Tool and the Windows 10 Snip & Sketch tool that were discovered earlier this week. The flaws, which were similar to ones found in Google's Pixel snipping tools, have been labeled as the "Acropalypse."
Both tools had issues that would have allowed hackers to possibly bring back data that users had previously cropped out of an image. Microsoft updated the Windows 11 Snipping Tool for Insiders in the Canary Channel to fix the problem on Thursday.
Now updates for both the Windows 11 Snipping Tool (11.2302.20.0) and the Windows 10 Snip & Sketch tool (10.2008.3001.0) are now available in the Microsoft Store.
In addition, Microsoft has issued a security note for the flaw, CVE-2023-28303. The note states that this alert has been labeled as "Low" because "successful exploitation requires uncommon user interaction and several factors outside of an attacker's control." Specifically, the note states:
- The user must take a screenshot, saved it to a file, modify the file (for example, crop it), and then save the modified file to the same location.
- The user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.
Keep in mind that this issue does not appear in the default Snipping Tool in Windows 10, or any older versions.
10 Comments - Add comment