Windows 10 and 11 snipping tools are saving data you thought you had deleted

A newly revealed issue in Microsoft's image-snipping tools in both Windows 10 and 11 have been discovered by one of the people who first reported on a similar problem in Google's Pixel screenshot tool Markup. The reverse engineering researcher David Buchanan posted his findings earlier today on his Twitter account,

The post shows that when Buchanan took a screenshot with the Microsoft Windows 11 Snipping Tool and then saved it, he could then crop the image, save that image to the same file, and show that the "cropped" data hasn't been deleted after all.

This flaw means that someone could bring back the data from the part of the image that was cropped in mostly the same way the Pixel-based cropped image could be recovered. Buchanan stated, "The same exploit script works with minor changes (the pixel format is RGBA not RGB)." He added in a later post that the same issue is found with Microsoft's Snip & Sketch tool included with Windows 10, but apparently not with the original Windows 10 snipping tool.

These exploits could in theory be used by hackers to reveal previously cut-out sensitive information in images, like passwords, credit card numbers, bank accounts, and more. They are all been labeled collectively as the "Acropalypse". Google has since patched this issue in its Pixel phones. As of this writing, Microsoft has yet to comment on this issue.

Windows 10 and 11 snipping tools are saving data you thought you had deleted