Windows 11 Snipping Tool hit by major privacy flaw

Kevin Okemwa


We’re all familiar with the Snipping Tool, a handy utility pre-installed on Windows 10 and Windows 11 that can take screenshots and even record the screen.

It’s reported that the tool has been hit by a major privacy flaw that lets hackers retrieve sensitive data cropped out of screenshots without the user’s knowledge. The flaw is quite similar to aCropalypse, which recently affected Google Pixel’s screenshot tool.

When you edit a screenshot taken with the tool and overwrite the original image by saving the edited image under the same name as the original file, the Snipping Tool apparently doesn’t remove the original image’s data from the file.

While it might not be obvious to the user, the cropped-out details are still part of the newly edited screenshot, as spotted by Chris Blume, a software engineer, on Twitter.

The user’s findings indicate that the Snipping Tool is also vulnerable to aCropalypse, meaning hackers can easily retrieve sensitive content that has been cropped out of an image using the utility.

Attackers don’t require any special tools to retrieve the cropped out data from screenshots. Blume highlights that the issue occurs because the Snipping Tool doesn’t truncate the file when saving the screenshot.

As spotted by BleepingComputer, the vulnerability has been replicated and confirmed by multiple users, including Will Dormann, an infosec expert.

The flaw is also said to affect Windows 10’s Snip and Sketch Tool. However, the OS’s original Snipping Tool hasn’t been impacted. Microsoft has yet to acknowledge the issue, nor has it provided a fix.

It is advisable to rename your cropped screenshots when using the affected tools, or alternatively to use another image editor until the issue is patched.