The Windows 11 built-in Snipping Tool allows users to take screenshots and perform basic image editing tasks, such as cropping, annotating, and highlighting. It also includes a redaction feature that enables users to remove sensitive information from an image before saving or sharing it.
Despite being a useful tool, it has a vulnerability that could have severe privacy implications. Researchers discovered that if a user opens an existing image, modifies it by cropping it, and saves it again under the same name, the leftover data from the original file is not removed, even though the beginning of the file is overwritten with the new image. This flaw means that the original version of edited or redacted screenshots, images, or photos, such as those with faces or credit card numbers, could potentially be recoverable, posing a significant privacy risk.
The flaw in Windows 11’s snipping tool, which allows overwritten files to retain their original data, cannot be reproduced using Windows 10’s snipping tool. This is because the Windows 10 snipping tool does not have the ability to open existing files for editing.
A similar flaw was found earlier in Google Pixel’s Markup Tool.
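A defender can check saved images for this condition. The following is an added example, not code from the original article: it assumes the image is a PNG (the Snipping Tool's default save format), where the image ends at the IEND chunk and anything after it is leftover data. The function names and the sample bytes are constructed for illustration.

```python
import struct
import sys
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data=b""):
    """Build one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def trailing_bytes_after_iend(blob):
    """Return how many bytes follow the IEND chunk (0 for a clean PNG)."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("chunk runs past end of file")
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF != crc:
            raise ValueError("chunk CRC mismatch")
        if ctype == b"IEND":
            return len(blob) - end
        pos = end
    raise ValueError("no IEND chunk found")

def strip_trailing(blob):
    """Return the PNG cut off right after IEND, dropping any leftover data."""
    return blob[:len(blob) - trailing_bytes_after_iend(blob)]

# Constructed sample: a minimal 1x1 grayscale PNG.
CLEAN = (PNG_SIGNATURE
         + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
         + make_chunk(b"IEND"))
# Constructed stand-in for a file that was overwritten but not shortened.
AFFECTED = CLEAN + b"\xAA" * 64

if __name__ == "__main__":
    # Report leftover data for each PNG path given on the command line.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            extra = trailing_bytes_after_iend(fh.read())
        print(f"{path}: {extra} byte(s) after IEND")
```

A nonzero count means the file carries data beyond the visible image; `strip_trailing` returns the bytes with that remainder removed.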
Read the full story here: https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/