The screenshot editing function of Windows 11 turns out to have a vulnerability that allows data from before editing to be restored



It has been reported that the Snipping Tool, the screenshot capture and editing function that comes standard with Windows 11, has a vulnerability that allows data from before editing to be restored. It has been pointed out that this is very similar to "aCropalypse" (CVE-2023-21036), the vulnerability found in the screenshot editing function of Google's Pixel series smartphones.



Windows 11 Snipping Tool vulnerability can reveal sensitive information in screenshots
https://www.xda-developers.com/windows-11-snipping-tool-sensitive-information-acropalypse/

Windows' screenshot tool may be saving stuff you cropped out, too - The Verge
https://www.theverge.com/2023/3/21/23650657/windows-snipping-tool-crop-screenshots-vulnerability

Markup, a screenshot editing feature that comes standard with the Pixel series, allows users to crop screenshots, add text, black out areas, and more. However, in March 2023, it was reported that there was a vulnerability that could restore screenshots edited with Markup to their unedited state.

Vulnerability in Google Pixel's screenshot editing function, danger of personal information leakage - GIGAZINE



Security researcher David Buchanan has newly reported that the Snipping Tool, the screenshot capture and editing function of Windows 11, also has a vulnerability very similar to the one in Markup.

Although Markup and the Snipping Tool use different color models, Buchanan said he confirmed on his Windows 11 system that, with minor changes to the aCropalypse exploit script, the unedited image could be restored.

Windows users may use the Snipping Tool to trim or blur out credit card numbers, addresses, and other parts of the screenshots they don't want others to see. Therefore, any vulnerability that allows restoration of the original image from the edited image poses a very serious security risk.

This series of vulnerabilities arises because the edited image saved by the screenshot editing tool still contains the unedited data. Consequently, parts that were not included in the screenshot before editing cannot be restored.



A similar vulnerability also exists in Snip & Sketch, which is installed on Windows 10, but it does not affect the Windows 10 Snipping Tool.



Technology media outlet XDA Developers said, "With the disclosure of this vulnerability, it is expected that a patch will be issued soon. It would be better to review the images that may contain".

in Software, Security, Posted by log1h_ik