There's now a fix for Windows 11's nasty 'acropalypse' security flaw

Good news - 'acropalypse now' has become 'acropalypse then' as fixes have been deployed for this glaring bug in both Windows 11 and Windows 10.


Microsoft has swiftly deployed emergency fixes for a security flaw in Windows 11 that affected the Snipping Tool (and the Snip & Sketch app in Windows 10, too).

This bug was rated as a 'low' severity affair by Microsoft, but some affected users may not agree with that assessment (Image Credit: Elisa Ventur / Unsplash)

Those screenshot-grabbing and editing utilities were blighted by an issue whereby cropped data in PNG image files wasn't being properly overwritten, playfully named the "acropalypse" bug.

In other words, when users crop a file, the part of the picture discarded could potentially be recovered and scrutinized by someone exploiting the flaw.

That may not sound like all that big a deal on the face of it, but if the cropped part of the image consists of sensitive details, there's a possibility the vulnerability could be leveraged to see that data.

As Microsoft puts it: "When an existing image is partially overwritten, an attacker may be able to recover parts of the original image through the use of a special tool."

Note that only some PNG files are affected, but clearly enough, this is still a worrying state of affairs. Notably, the PNG has to be cropped and saved to the same location on your drive to be vulnerable. In other cases, such as copying a cropped image from the Snipping Tool and pasting it into an email, the hidden data isn't copied across, and therefore can't be subsequently accessed.

At any rate, Microsoft has now produced the remedy, thankfully, in the form of updates for the respective apps.

To grab these patches (and we'd suggest you do this immediately), head to the Microsoft Store to update either the Snipping Tool or Snip & Sketch. (You should be running version 11.2302.20.0 or better for the former, and version 10.2008.3001.0 or newer for the latter.)

Of course, the bug is only fixed for PNG files created going forward. If you've already made and cropped a PNG in recent times, then the flaw will still be present, and that image could still potentially be vulnerable to attack - providing you've shared it online, away from your PC. There's not much Microsoft can do about existing files that might carry the bug for obvious reasons.

You may recall that Android users were also troubled by this "acropalypse" bug, and Google had to patch its Markup Tool to defend against it on Pixel devices earlier this month.

Microsoft rated the vulnerability with a severity of 'low' due to there being several factors beyond the attacker's control regarding whether or not any given PNG can have its cropped contents peeked at, and also that exploitation requires "uncommon user interaction."

However, Microsoft is rather playing things down here, it would seem. Security experts spoke to BleepingComputer and indicated the number of public images hit by the security flaw might be 'high', and VirusTotal is showing over 4,000 images affected by the bug.

Darren has written for numerous magazines and websites in the technology world for almost 30 years, including TechRadar, PC Gamer, Eurogamer, Computeractive, and many more. He worked on his first magazine (PC Home) long before Google and most of the rest of the web existed. In his spare time, he can be found gaming, going to the gym, and writing books (his debut novel – ‘I Know What You Did Last Supper’ – was published by Hachette UK in 2013).
