A recent security flaw in Windows 11’s Snipping Tool has raised concerns about data privacy. Developer Chris Blume has discovered that the Snipping Tool does not completely erase unused PNG image data, making it possible for some of the cropped-out picture to be recovered and sensitive data to potentially be obtained. While the issue does not affect some PNG files, including optimized images, it is still a cause for concern.
According to BleepingComputer, researcher David Buchanan has verified that the supposedly hidden information can be extracted using a slightly modified version of the script used to demonstrate the Android vulnerability. Buchanan and programmer Simon Aarons recently found a severe “aCropalypse” flaw in the Markup screenshot feature on Google Pixel phones, which was subsequently patched by Google.
Despite Microsoft’s assurances that it is investigating the security reports and will take action as needed to protect users, the fact that the same exploit script works with minor changes on Windows 11’s Snipping Tool is alarming. It is yet to be seen if existing images may have the same problem and if a corresponding Windows 11 update will be released.
This latest security flaw highlights the need for greater attention to data privacy and security in the technology industry. As more and more of our personal and sensitive data is stored and shared online, it is imperative that companies take all necessary steps to protect their users from vulnerabilities and security breaches.