The Windows 11 cropping tool shares a Google Pixel security flaw

The acropalypse is nigh… but this time it’s Windows 11 that’s slipped up


Fresh off the back of Google Pixel’s Markup tool being found to have retained image data even when edited out, software engineer Chris Blume has found a similar bug in the Windows 11 Snipping Tool.

Dubbed “acropalypse”, the phenomenon occurs when an existing file is overwritten with edits, such as crops. Rather than omitting the cropped data, the image file retains it, potentially allowing it to be recovered and used in an identity theft attack.

Per BleepingComputer, the researchers who discovered the original Google Pixel flaw, David Buchanan and Simon Aarons, have launched a tool demonstrating that this is possible, although we should probably stress that you should only use it for testing purposes.

Acropalypse on Windows 11


The Windows rendition of the bug, which also applies to Windows 10’s Snip and Sketch tool, has been corroborated by vulnerability expert Will Dormann and BleepingComputer in testing, but it’s also easily verifiable by anyone.

In Snipping Tool, once you’ve taken a screenshot, cropped it, and saved it as a copy of the original, compare the file sizes. With any (bad) luck, they’re the same.


And, as you can see by opening one in a text editor, the PNG format generally requires that all files end with an “IEND” data chunk, but Snipping Tool fails to remove the data and instead leaves it after that chunk.

That Google Pixel and Windows are both susceptible to a highly similar bug with the potential to do quite a bit of harm should be concerning given that, as Buchanan noted in a profane tweet on Tuesday, the Markup and Snipping tools are two “entirely unrelated” codebases.


Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.
