According to the verge*, researchers recently announced the ‘acropalypse’ vulnerability in the Pixel’s screenshot tools, but it seems like Google wasn’t the only company to make this mistake.
One of those researchers is now reporting that Microsoft’s Snipping Tool for Windows 11 as well as the Snip & Sketch tool in Windows 10 have a very similar exploit, which could mean that information people thought they’d gotten rid of is now floating around on the internet.
According to a tweet from David Buchanan, if you take a screenshot with the tool, press the save button, and then crop it and save it to the same file, the data may still be available in the file. Buchanan says you can even use pretty much the same code that let you see the rest of a Pixel screenshot to get at that data as long as you make some “minor changes.”
The vulnerability discovered by the researchers is a good example of the privacy risks we – as users – often forget to consider. Taking screenshots could pose a privacy threat that is unknown to many but it also acts as a reminder when creating screenshots generally due to the amount of other sensitive data that could be captured.
We should limit the display of private information on our screens to minimum, even when we think we’re the only ones looking at it.
For example, not keeping passwords in a notes doc or using the “eye” button when entering a password. If you are a user who takes screenshots, crops them and then writes over the same file name, privacy issues could arise. Therefore, until a patch arrives it remains safer to save the screenshot as another filename.
*ESET does not bear any responsibility for the accuracy of information on that website
ESET Ireland 