Recently it was discovered that screenshots edited with the Markup tool on Pixel smartphones and custom ROMs can be easily recovered, a flaw Google fixed in the March Security Patch. The same problem exists in a totally unrelated codebase, Windows 11: the Windows 11 Snipping Tool does not truncate unused data when saving an edited screenshot. The leftover data stays in the file and can be partially recovered, revealing sensitive portions of the original image.
It does NOT affect the Windows 10 Snipping Tool, but the "Snip & Sketch" tool in Windows 10 is affected.
You can try it out yourself as well:
- Take a screenshot on your Pixel smartphone or custom ROM as a base
- Crop it using the Windows 11 Snipping Tool
- Overwrite the file and click on Save As
- Recover it using a custom resolution or the Pixel-compatible presets on the Acropalypse demo website
Windows Snipping Tool is vulnerable to Acropalypse too.
An entirely unrelated codebase.
The same exploit script works with minor changes (the pixel format is RGBA not RGB)
Tested myself on Windows 11 https://t.co/5q2vb6jWOn pic.twitter.com/ovJKPr0x5Y
— David Buchanan (@David3141593) March 21, 2023