It's not just Android phones that are vulnerable to a screenshot security flaw. Developer Chris Blume has discovered that Windows 11's Snipping Tool falls prey to a similar exploit. The utility doesn't completely erase unused PNG image data, making it possible to recover some of the cropped-out picture and potentially obtain sensitive data. As BleepingComputer verified with researcher David Buchanan, you can extract the supposedly hidden info using a slightly modified version of the script used to demonstrate the Android vulnerability.
The issue doesn't affect some PNG files, including optimized images. You can also wipe the unused data by saving the cropped picture as another file in an image editing tool. JPEG files also leave data from the original screenshot, but the exploit isn't known to work with the format at this stage.
holy FUCK.
Windows Snipping Tool is vulnerable to Acropalypse too.
An entirely unrelated codebase.
The same exploit script works with minor changes (the pixel format is RGBA not RGB)
Tested myself on Windows 11 https://t.co/5q2vb6jWOn pic.twitter.com/ovJKPr0x5Y
— David Buchanan (@David3141593) March 21, 2023
We've asked Microsoft for comment and will let you know if we hear back. In a statement to BleepingComputer, Microsoft says it's "investigating" the security reports and will "take action as needed" to protect users.
Buchanan and programmer Simon Aarons recently found a severe "aCropalypse" flaw in the Markup screenshot feature on Google Pixel phones. While Google has since patched the security hole with its March update (now expanded to Pixel 6 phones), the fix only addresses images created after installing the patch. Provided Microsoft releases a corresponding Windows 11 update, existing images may have the same problem.
The concern, as you might guess, is that an intruder with access to your images might use a script to recover information you intend to hide, such as contacts and business secrets. The culprit could use the info for harassment, blackmail or espionage. While this may not be as much of a headache for locally stored screenshots (you have larger problems if an attacker already has access to your device), it could be very troublesome for unmodified images you save in the cloud.
This article originally appeared on Engadget at https://ift.tt/h1s27Vl