A vulnerability has been revealed in Windows 11 that exposes users to the risk of disclosure of confidential information

The Snipping Tool Trick


The so-called "scissors" are a useful and popular tool. With them, you can take a static image of the screen and remove everything unnecessary from it, for example personal information that you want to keep secret, and then use the edited picture as needed.

But in Windows 11, a serious vulnerability has been identified in Snipping Tool itself. It has even been given its own name: aCropalypse. What is alarming is that the developers have not yet fixed it.

Snipping Tool vulnerability in Windows 11

The essence of the bug is that it silently undoes the changes the user makes when editing: cropped or blurred parts are restored in the picture. Since an ordinary user, unaware of the problem, will not notice this, they risk passing personal information to unauthorized persons. This is a real threat that confidential information will fall into the hands of scammers or other intruders.

Vulnerability Details


Technically, it works as follows. The user takes a screenshot and then decides to edit it. If they then save the edited image under the same name, overwriting the original file, an unpleasant surprise awaits.

As practice has shown, Snipping Tool leaves the deleted information in the file. The user hardly notices it, since it is added at the end. But a potential intruder will have little difficulty accessing the confidential data, since there are techniques for extracting such information. Put simply, while the user is sure that everything that needed to stay secret has been deleted, the personal information in fact remains in the file, only in hidden form.

You can spot that something is wrong yourself by paying attention to file sizes after editing. Logically, the edited files should be smaller, but in reality they contain more information: this includes the parts the user tried to delete.

It is surprising that the developers are in no hurry to fix the error, because in effect everyone who shares pictures online is vulnerable. For example, you might send an order confirmation page, confident that the card data has been cropped out. However, a potential criminal will easily gain access to it.