During this week we have learned about aCropalypse, a problem that causes Google’s Android and Microsoft’s screenshot tools were affected by a security issue. At first this issue seemed to point only to the feature included for this purpose on Pixel devices, so it seemed to be quite limited in scope. However, news broke soon after that Microsoft’s screenshot tools for both Windows 10 and Windows 11 were affected as well.
To be more exact, the tools affected by aCropalypse are markupspecific to the devices Pixel, Snip & Sketch for Windows 10 and snip tool for Windows 11. In all cases, an attacker with access to the files could view an uncropped and unaltered version of a screenshot. It is quite common to take a screenshot and then crop it, leaving out of the final image content that we do not want to be shown because it does not contribute anything… or because it contains information that we do not want to make public or share.
So, just think for a moment about the implications of this security issue to end the creeps, since the screenshot is a fairly common way to share information, and the possibility of cutting them once done to share only what we want, creates a sense of security that, in many cases, will be fact that part of the content of the original image was something that should remain hidden: personal and bank details, restricted information, etc.
This explains why, fortunately, Microsoft and Google have acted quickly, releasing emergency security patches to prevent aCropalypse. In the case of Google, the fix for the Markup issue came in the March Android security updatewhich was released on March 7 for users of Pixel devices.
Microsoft’s solution has come a little later, since it was not published until yesterday and also, in this case, it is the users who must update manually Snip & Sketch and Snipping Tool from the Windows App Store, as neither is part of the operating system and therefore is not automatically updated with Windows security updates. So, if you use any of them, you should update them immediately.
There is a worse solution, of course. the problem of screenshots that have already been published and shared, since the security solution only prevents the problem from reproducing in the captures that we take from its installation onwards. Therefore, if you have access to those that you have made in the past and that you have shared in some way, it is best to repeat them, avoiding also capturing content that should remain hidden, and use them to replace the original ones.
More information
