A serious security flaw in Windows 11’s Photo Cropping Tool allows cropped and edited photos to be restored to their original form. The vulnerability, dubbed Acropalypse, could expose users’ personal data and intimate images through files exchanged over messaging apps and other services.
The operating system’s built-in feature allows simple edits to screenshots: adding emojis, cropping, flipping, or adding markings that hide certain content. In a test by researchers Simon Aarons and David Buchanan, for example, it was possible to extract credit card numbers from a photo exchanged between Discord users, even though the data had been hidden in the shared image.
The same pair of researchers originally found the bug in Google’s Pixel line of smartphones. Now a second security researcher, Chris Blum, has shown that the exploit also works on Windows 11 with PNG files.
The root of the vulnerability is that the original data remains inside the edited file. When the user edits an image and overwrites the file, the tool does not truncate the file to the new, shorter content, so leftover bytes of the original stay behind. Those bytes can then be recovered, at least partially – on Pixel phones, up to 80% of the original information.
According to Buchanan, the exploit in its current form does not work on JPG files, but that does not mean it is impossible, because the Windows 11 editing tool also leaves data behind when that format is used. PNG files that are optimized, or saved as a new file instead of overwriting the original, are not affected.
“I have something interesting for you. I opened a 198-byte PNG file in Microsoft’s Capture Tool, chose Save As to overwrite a different file (no modification), and I saved a 4,762-byte file with all the extra PNG snippets after IEND. Looks alike :D
Capture Tool 11.2302.4.0. Saving as a new file results in a file 254 bytes long with no junk after the end. So it looks like it’s definitely a ‘data truncation’ error.”
Users are advised to delete any files posted on social networks or shared through messaging apps that may contain sensitive data or images. If someone has already saved a copy, however, little can be done. An online tool built around the vulnerability found in Google’s phones lets you check whether an image can be recovered because of the flaw.
Microsoft said in a statement that it is investigating the matter and will take appropriate action as soon as possible. For the Pixel line, an update was released at the beginning of the month for affected devices, and details of the flaw, tracked as CVE-2023-21036, were disclosed this week so that manufacturers and developers can also take action.
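The following Python script is an added example, not code from the article, from the researchers, or from Microsoft. It illustrates the file-truncation defect described above and a check in the same spirit as the online tool mentioned here: it builds two small PNG files of its own (constructed sample data, not real screenshots), simulates an in-place overwrite that does not truncate the file, counts how many bytes are left after the PNG IEND chunk, and shows the safe way to save (write to a temporary file and replace). The function names and the 64x64/8x8 image sizes are assumptions chosen for the demonstration.

```python
import os
import random
import struct
import tempfile
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def make_png(width: int, height: int, seed: int = 0) -> bytes:
    """Build a minimal valid 8-bit greyscale PNG filled with seeded noise (constructed sample).

    Noise is used so the file size scales with the image size, like a real photo."""
    rng = random.Random(seed)
    # Each scanline is a filter byte (0 = None) followed by `width` grey samples.
    raw = b"".join(
        b"\x00" + bytes(rng.getrandbits(8) for _ in range(width)) for _ in range(height)
    )
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw))
            + _chunk(b"IEND", b""))


def trailing_bytes_after_iend(data: bytes) -> int:
    """Walk the chunk list and return how many bytes follow the IEND chunk.

    A freshly written PNG ends exactly at IEND; any surplus is stale data that
    the writer failed to truncate, which is what the Acropalypse check looks for."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, = struct.unpack(">I", data[pos:pos + 4])
        chunk_type = data[pos + 4:pos + 8]
        pos += 12 + length  # length field + type + data + crc
        if chunk_type == b"IEND":
            return len(data) - pos
    raise ValueError("no IEND chunk found")


def buggy_overwrite(path: str, new_data: bytes) -> None:
    """Overwrite in place WITHOUT truncating: models the defect described in the article."""
    with open(path, "r+b") as f:
        f.write(new_data)  # shorter content leaves the old tail behind


def safe_overwrite(path: str, new_data: bytes) -> None:
    """Write to a temp file in the same directory, then atomically replace the original."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".png")
    with os.fdopen(fd, "wb") as f:
        f.write(new_data)
    os.replace(tmp, path)


def demo() -> tuple:
    """Return (bytes left after a buggy save, bytes left after a safe save)."""
    original = make_png(64, 64)  # larger file, stands in for the uncropped screenshot
    cropped = make_png(8, 8)     # smaller file, stands in for the cropped result
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "shot.png")
        with open(path, "wb") as f:
            f.write(original)
        buggy_overwrite(path, cropped)
        with open(path, "rb") as f:
            leftover_buggy = trailing_bytes_after_iend(f.read())
        safe_overwrite(path, cropped)
        with open(path, "rb") as f:
            leftover_safe = trailing_bytes_after_iend(f.read())
    return leftover_buggy, leftover_safe


if __name__ == "__main__":
    buggy, safe = demo()
    print(f"trailing bytes after buggy in-place save: {buggy}")
    print(f"trailing bytes after safe save:           {safe}")
```

The check only reports how much stale data sits after IEND; a well-behaved editor produces zero. An equivalent fix for an in-place writer is to call `f.truncate()` after writing the shorter content, which is what the article's "data truncation" wording refers to.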
Source: BleepingComputer