Microsoft has moved quickly to address the troubling “Acropalypse” bug. It was reported earlier this week that a bug had been found that could allow the recovery of information cropped out of images using Windows screenshot tools.
According to BleepingComputer, Microsoft has quickly released an OOB (out-of-band, or emergency) update that fixes the issue, which is tracked as CVE-2023-28303. As you might expect, Microsoft advises users to apply the update as soon as possible.
Applying the update is not difficult at all: in the Microsoft Store, click on the Library icon on the left, then select Get updates (top right). This will force the patch to be applied if it has not already been installed automatically.
The bug, similar to the one that affected the Markup feature on Google Pixel phones, means that screenshots and images cropped with the Windows 11 Snipping Tool and the Windows 10 Snip & Sketch tool may be compromised.
Basically, the CVE-2023-28303 vulnerability means that cropped-out parts of a PNG or JPEG image are not properly removed from the file after re-saving. These cropped-out parts may contain sensitive information such as bank account details or medical records.
It is important to note that patching does not repair files that have already been cropped, only files that are edited in the future. You will need to re-crop any existing images to ensure that excess image parts are properly removed.
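Because the patch does not clean up images cropped before it was installed, it helps to find which existing files still carry leftover bytes. The following Python sketch is an added example, not code from Microsoft or from this article: it reports how many bytes follow the end of the image stream (the PNG `IEND` chunk or the JPEG EOI marker), which is where data left over from a larger original sits. The function names and sample bytes are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_trailing(data):
    """Bytes after the IEND chunk, or -1 if no complete IEND chunk is found."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                 # length + type + body + CRC
        if ctype == b"IEND":
            return len(data) - pos if pos <= len(data) else -1
    return -1

def _is_marker(data, pos):                 # 0xFF that is not stuffing, fill or RSTn
    nxt = data[pos + 1]
    return data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7

def jpeg_trailing(data):
    """Bytes after the EOI marker, or -1 if the segment walk never reaches EOI."""
    pos, n = 2, len(data)                  # start after SOI (FF D8)
    while pos + 2 <= n and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:                 # EOI: everything after it is extra
            return n - (pos + 2)
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD8:
            pos += 2                       # stand-alone markers have no length
        elif pos + 4 > n:
            return -1
        else:                              # skip segment, then any scan data after SOS
            pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
            while marker == 0xDA and pos + 1 < n and not _is_marker(data, pos):
                pos += 1
    return -1

def trailing_bytes(data):
    if data.startswith(PNG_SIG):
        return png_trailing(data)
    return jpeg_trailing(data) if data.startswith(b"\xff\xd8") else -1

# Constructed samples: minimal containers, not real screenshots.
def _chunk(ctype, body=b""):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

CLEAN_PNG = PNG_SIG + _chunk(b"IHDR", bytes(13)) + _chunk(b"IDAT", bytes(8)) + _chunk(b"IEND")
CLEAN_JPEG = (b"\xff\xd8" + b"\xff\xe0\x00\x04\xff\xd9"   # APP0 holding a decoy FF D9
              + b"\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd0\x56\xff\xd9")
```

A non-zero result is a reason to re-crop the image with the patched tool, not proof of the bug, since some cameras and apps append their own data after the end marker. A result of -1 means the file could not be parsed as PNG or JPEG.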
Analysis: A quick fix to a vexing bug
At first, being able to restore cropped parts of your photos doesn’t seem like a particularly terrible security risk – after all, who cares if someone manages to add back the empty sky you’ve removed from all your vacation photos?
There are many reasons for cropping images, as tech journalists know all too well. Personal information such as email addresses, bank account numbers and contact names must be removed from images before they are widely shared on the Internet.
Since many of us share so many of our photos with other people and widely across the web, it’s very important from a security perspective that those photos don’t reveal more than we want them to – something that was a problem with CVE-2023-28303.
Microsoft has at least moved quickly to develop a fix and then roll it out, but worryingly, the same bug has appeared in separate Microsoft and Google software in recent days.