Last Updated on 23/03/2023 by elicia
Tech researcher David Buchanan and Simon Aarons have reported a concerning privacy bug snipping tools offered by big tech including google and Microsoft.
The bug was initially found in Google Pixel’s Markup Tool as oy caused the original image data to be retained even if it was edited or cropped out.
And later in Microsoft’s Snipping Tool feature on Windows 11 which was found by chris blume.
Will Dorman, A security researcher confirmed the issue along with steps to do the procedure
This bug allows the Snipping Tool to access and potentially share sensitive image content cropped by users.
The Snipping Tool is a popular feature on Windows operating systems that enables users to take screenshots of their screens and crop out specific portions of the image for sharing or saving.
When a user crops an image using the Snipping Tool on Windows 11, the cropped content remains accessible to the tool even if it is not saved or shared.
This means that if a user crops an image containing sensitive information, such as login credentials or personal data, that information could potentially be accessed and exposed by the Snipping Tool.
Technical Explanation
When saving over a file, Snipping Tool overwrites the number of bytes required to save your edited image but leaves the remaining bytes intact.
If those new added bytes are removed, The old image can be recovered.
While this may not be a problem for users who trust the tool or use it for non-sensitive purposes, it could pose a significant security risk for those who rely on the Snipping Tool for more sensitive tasks.
Microsoft has acknowledged the bug and is reportedly working on a fix. In the meantime, users are advised to exercise caution when using the Snipping Tool and avoid cropping images containing sensitive information.
This incident highlights the importance of thorough testing and quality assurance in software development, especially when it comes to privacy and security features.
Microsoft is often blamed for issues and google has been joining the poor delivery party after release of google bard.
It also serves as a reminder that even OS native popular tools can pose a risk to user privacy and security if it is not designed and implemented with care.
A website also has been made to recover the screenshots, and it is publicaly accessible. It was made to highlight the issue and should not be used for any illegal activities.
Meanwhile, you can use other tools like canva or lightshot to edit your screenshots.
