This vulnerability became known as “Acropalypse” because it is related to the crop function and potentially leaks security-related data. The possible recovery was first discovered in the markup tool of Google Pixel smartphones and then also in the Windows Snipping Tool and Snip & Sketch.
Which versions of Snipping Tool are affected?
The default snipping tool in Windows 10 and older versions is not affected. Only Snip & Sketch in Windows 10 and Snipping Tool in Windows 11 are affected by this vulnerability.
The bug affected Google’s markup tools and now also Microsoft software
A security update has been released for these applications and is available from the Microsoft Store. Details of the error were below CVE-2023-28303 released. Microsoft therefore classifies the exploitation of the vulnerability as unlikely and has not known of any cases in which the vulnerability was actively exploited. The severity of this vulnerability is low because successful exploitation requires unusual user interaction and multiple factors beyond the attacker’s control.
Nevertheless, all users are advised to install the new update for the Windows Snipping Tool promptly. Now that the vulnerability is well known and could lead to information disclosure, no risk should be taken.
How can I check if the update is installed?
- For Snip and Sketch installed on Windows 10, app versions 10.2008.3001.0 and later include this update.
- For Snipping Tool installed on Windows 11, app versions 11.2302.20.0 and later include this update.
- Microsoft provides update for Windows Snipping Tool
- Vulnerability known as “Acropalypse”
- Affected are Snip & Sketch in Win 10 and Snipping Tool in Win 11
- Update available from Microsoft Store, CVE-2023-28303
- Severity rated as low, better but don’t take any chances
- Win 10: App versions 10.2008.3001.0+
- Win 11: App versions 11.2302.20.0+
See also:
