- Snipping Tool vulnerability keeps original image data after cropping.
- Researchers found that the flaw is available on the app for Windows 11 and 10.
- Microsoft is aware of the problem and working on a resolution.
Researchers have discovered a problem in the Snipping Tool screenshot program for Windows 11 (and 10) that allows hackers to more easily alter portions of an image you don’t want other people to see by leaving the bits you may have clipped out in the file.
David Buchanan stated on Twitter that if you use the Snapping Tool to capture a snapshot, save the file, crop the image, and then save the file again, the original information might still be in the file.
This raises privacy concerns, however since someone would require specially written code to examine the data, they couldn’t obtain the actual image. Additionally, the vulnerability only manifests itself when you save the file, crop it, and then save it again. The application will not preserve the original data if you use Snipping Tool to take a screenshot and then make changes to the image before saving it.
This issue is not exclusive to the Snipping Tool program. Additionally, researchers have found that the cropping function on Google Pixel devices does not eliminate the portions of an image that the user crops out. Additionally, it has been claimed that the information from a screenshot taken by the Snipping Tool can be revealed using the same code that allows you to view the remainder of an image cropped by a Pixel device (with minimal alteration).
Microsoft stated in a message to The Verge that it is aware of the concerns, is looking into them, and intends to take the necessary steps to protect user data.
Update March 23, 2023: Microsoft has already developed an update to fix the vulnerability after identifying it. Participants with Windows Insider Program-enrolled machines can now get the Snipping Tool version 11.2302.20.0, which includes the update. Everyone using Windows 11 or Windows 10 devices will receive the update from the firm once the fix has been shown to be successful and there are no more problems.