Following the discovery of a flaw in an internal photo editing tool called Markup found on Google Pixel phones, software engineer Chris Blume has confirmed that the Windows 11 Snipping Tool also suffers from the same vulnerability.
The issue on Windows’ Snipping Tool is very similar to that on Markup. Both programs do not truncate unnecessary information when overwriting files that have been cropped or redacted. This leaves behind a chunk of data that can be partially recovered and might reveal sensitive information in some cases.
Security researchers David Buchanan and Simon Aarons, who discovered the Markup bug also made a website that can recover screenshots edited by Markup. While the way the vulnerability works across both platforms is the same, the Markup screenshot recovery tool can’t recover screenshots edited by the Snipping Tool.
However, Buchanan shared a Python script with the BleepingComputer that does seem to work with Windows files, partially recovering an image in BleepingComputer’s tests. Additionally, another security researcher, Will Dormann also independently confirmed the issue.
The Windows Snipping Tool currently leaves untruncated data on both PNG and JPG files. However, Buchanan’s Python script currently only works on PNG files, but can possibly be adapted to work with both file types. It’s worth pointing out that not all PNG file types are vulnerable to the issue either. Optimised PNGs that are saved with a single zlib block aren’t affected by the flaw.
Regardless, even partial recovery of cropped or redacted screenshots can be problematic. Keep in mind that this extra non-truncated data can be removed by simply opening the PNG file in another image editor and saving it as a separate file.
Microsoft is apparently aware of the issue and is working on a fix, with a spokesperson saying that the company is investigating reports and will “take action as needed to help keep customers protected”.
In the News: Cybercriminal hub BreachForums shuts down