Windows snipping tool vulnerable to “Acropalypse”

Take a screenshot or photo, crop away sensitive data with the crop function, save and upload: on Google's Pixel phones, for example, this process could leave parts of the cropped-out information in the saved file. The vulnerability has been given the name "Acropalypse". While Google is distributing an update to close it, an IT professional has found the same behavior in Windows 11's Snipping Tool.

The Windows Snipping Tool offers few image-editing functions, but it can crop images. If you save the cropped file under the same name as the original (after a warning dialog asking whether you really want to overwrite the existing file), the file size stays the same instead of shrinking.

The behavior is easy to reproduce. When overwriting, the existing data that followed the end of the newly saved image in the original file is retained. This can be verified with a hex editor, for example.

An original file used for testing was 192 kbyte. After cropping and overwriting, the file size remained unchanged.

File sizes after overwriting


The file size does not change after overwriting the existing file with the Windows 11 Snipping Tool.

(Image: Screenshot/dmk)

PNG files use the letter sequence IEND as an end marker, so you can search the files for it:

Screenshot Hex Editor - PNG end marker in middle of file


In the file overwritten with the Snipping Tool, the PNG end marker sits in the middle of the file, followed by the data that the original file previously contained.

(Image: Screenshot/dmk)

In the file overwritten using the Windows Snipping Tool, the IEND marker is in the middle of the file. The remainder consists of the data that was previously in the original file; it is retained in the file and may therefore contain unwanted information. When the file is saved under a new filename with the Windows 11 Snipping Tool, it ends as expected with the IEND marker on the line around address 0x5F40.
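The hex-editor check described above can be automated: walk the PNG chunk list to the IEND chunk and compare its end with the file length. Everything after IEND is leftover data. The script below is an added example, not part of the original article; it builds a constructed sample file (a minimal PNG followed by leftover bytes) so it runs offline, and `strip_trailing` shows the repair that Paint performs implicitly.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_end_offset(data: bytes) -> int:
    """Return the offset just past the IEND chunk.

    Walking the chunk list (length, type, payload, CRC) is more robust than a
    plain byte search, which could also hit 'IEND' inside compressed IDAT data
    or inside the leftover tail, which itself ends with the original's IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # 8-byte header + payload + 4-byte CRC
        if end > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        if ctype == b"IEND":
            return end
        pos = end
    raise ValueError("no IEND chunk found")


def trailing_bytes(data: bytes) -> int:
    """Number of bytes after IEND; anything above 0 is leftover content."""
    return len(data) - png_end_offset(data)


def strip_trailing(data: bytes) -> bytes:
    """Cut the file at IEND, discarding the leftover tail."""
    return data[:png_end_offset(data)]


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_sample() -> bytes:
    """Constructed test input: a 1x1 grayscale PNG plus a leftover tail, as an
    overwritten-in-place file would contain (not a real Snipping Tool output)."""
    ihdr = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    idat = _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    clean = PNG_SIG + ihdr + idat + _chunk(b"IEND", b"")
    return clean + b"LEFTOVER-FROM-ORIGINAL-IMAGE" * 4
```

To check a real file, read it in binary mode and call `trailing_bytes` on the contents; a result of 0 means nothing follows IEND.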

Other Windows tools, however, behave correctly. Simply opening the file carrying the "unnecessary data ballast" in Windows Paint and saving it immediately shrinks it to the correct size; the potentially sensitive, cropped-off data is no longer included. The necessary fix is presumably trivial. Virtually all programming languages offer different modes for opening a file for writing, for example "always create new" or "overwrite"; it may be that the developers simply chose an inappropriate mode.

Unlike the screenshot-editing tool on Pixel phones, the Snipping Tool is probably used less often on Windows. The Paint system tool is likely in widespread use, but it handles the files correctly. Other image editors such as Photoshop or GIMP have not shown this behavior so far either. Nevertheless, Microsoft should address the problem quickly and distribute a fixed version of the Snipping Tool. That the company's developers know how to do it right is shown by Paint, which even corrects an "oversized file with unwanted content" when saving it.

If you use the Snipping Tool, do not simply overwrite files; give them a new file name so that you do not accidentally reveal sensitive information. Files already saved this way can be corrected in Windows Paint simply by opening and saving them.
