Emergency Fix for Dangerous ‘Acropalypse’ Bug Released by Microsoft

Screenshot of the Microsoft Store on Windows 11

Head to the Microsoft Store to get the fix
(Image credit: Future)

Carry on cropping

Microsoft has quickly patched up the worrying ‘acropalypse’ bug that we reported on earlier this week. The bug could enable information cropped out of images by the Windows screenshot tools to be recovered. As per BleepingComputer, Microsoft has now issued an OOB (out-of-band or emergency) update that fixes the issue, which has the technical designation of CVE-2023-28303. Microsoft is recommending that users apply the update at their earliest opportunity.

Applying the update is easy. From the Microsoft Store, click the Library icon on the left, then pick Get updates (top right). This should force the patch to be applied, if it hasn’t already been automatically installed.

The bug – which is similar to one that has affected the Markup feature on Google Pixel phones – means that images and screenshots cropped in the Windows 11 Snipping Tool and the Windows 10 Snip and Sketch tool could be compromised. Essentially, the CVE-2023-28303 vulnerability means that parts of a PNG or JPEG image that have been cropped out aren’t properly removed from the file after it’s saved again. Those cropped sections could include sensitive information such as bank account details or medical records, for example.

It’s important to note that applying the patch won’t fix any files that have already been cropped, only ones that are edited in the future. You’ll need to recrop any existing images to be sure the excess parts of the picture have been properly removed.

Analysis: a quick fix for a worrying bug

At first, the opportunity of recovering cropped out parts of images may not seem like a particularly terrible security vulnerability – after all, who cares if someone manages to add back in some empty sky that you’ve removed from one of your vacation photos?

There are lots of reasons that images are cropped though, as tech journalists know all too well. Personal information such as email addresses, bank account numbers and contact names need to be cut out of pictures before they’re shared widely on the internet.

With so many of us sharing so many of our photos with other people and on the web at large, it’s crucial from a security perspective that these images don’t reveal more than we want them too – something which was a problem with CVE-2023-28303.

Sign up to receive daily breaking news, reviews, opinion, analysis, deals and more from the world of tech.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on FLD Magazine you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.

Leave A Reply

Your email address will not be published. Required fields are marked *

Related Posts