A bug touted as the "acropalypse" has prompted Microsoft to release a pair of emergency fixes, which are made specifically for the Windows 10 and 11 screenshot editing tools. Users were concerned that the Windows screenshot bug might be exploited to obtain sensitive information.
'Acropalypse' Could Have Affected More Than 4,000 Public Images
As reported by Bleeping Computer, Microsoft started to investigate the screenshot bug as soon as it was first noticed by the users. On Friday, the Big Tech finally released the public updates for Windows 11 Snipping Tool and Windows 10 Snip and Sketch app, which are the editing tools affected by the "acropalypse."
According to Microsoft, the security update for the photo editing apps was released via CVE-2023-28303. As of this time, the exact number of public images affected by the screenshot bug is not yet determined. However, Bleeping Computer reported the number could be "much higher" than 4,000 images.
The Windows screenshot bug was first discovered on Pixel smartphones, although this was already fixed by Google via Android's March security update. The Android update includes patches that protect the images created using screenshot tools before the bug was reported.
This time around, the bug was encountered on Windows OS as it causes the editing apps to improperly overwrite cropped PNG data. According to Engadget, not all PNG files were affected by the bug, although some users feared that the screenshot issue was enough to cause security breach.
Related Article: Microsoft To Make Setting Default Apps Easier on Windows 11
Microsoft Says Vulnerability Due to Screenshot Bug is 'Low'
The Windows screenshot bug, first discovered by retired software engineer Christ Blume, alarmed the users as bad actors might exploit the bug to recover the original uncropped images. Some edited files affected by the screenshot bug might contain private information such as credit card details and account passwords, as per PCMag.
Despite these concerns, Microsoft said that the vulnerability due to the bug is still considered "low." The company said that there has to be "uncommon user interaction and several factors outside of an attacker's control" so that attackers can successfully exploit the bug.
That being said, people who had used the Windows editing apps for common practices such as copying an image from Snipping tool and editing the file before saving does not make the file vulnerable to the bug.
A file can be considered explosed to the screenshot bug if the user took the screenshot, saved the file, cropped the image, and then saved the cropped image to the same location. Also, only those files shared publicly are likely to be affected, unless if the device where the files were saved is compromised.
Users can start the Windows update for the screenshot bug manually by opening the Microsoft Store and clicking on "Library." Afterwards, click on "Get Updates" to obtain the necessary patches. Microsoft recommends everyone to install the updates, regardless if some users believe that their files are not affected by the bug.
Read Also: Microsoft Suggests Temporary Fix for Unresponsive Windows Start Menu
