Microsoft has released a pair of emergency updates to address the “aCropalypse” security flaw found within its native Windows 10 and 11 screenshot editing apps. As Bleeping Computer reports, the company began testing a fix for the vulnerability earlier this week shortly after it was discovered by retired software engineer Chris Blume.
On Friday evening, Microsoft began rolling out public updates for Windows 11’s Snipping Tool as well as Windows 10’s Snip & Sketch app. You can manually prompt Windows to patch the app you use by opening the Microsoft Store and clicking on “Library,” followed by “Get Updates.” Microsoft recommends all users install the updates.
The aCropalypse flaw was first discovered on Pixel devices, and subsequently addressed by Google in Android’s recent March security update. In the case of Windows 11’s Snipping Tool, it turned out the utility wasn’t properly overwriting cropped PNG data. The issue did not affect all PNG files, but the concern was that bad actors could exploit the vulnerability to partially recover edited images, particularly those that had been cropped to omit sensitive information. As with Google’s March Android update, Microsoft’s patches won’t protect images that were previously created with its screenshot tools.