A severe privacy flaw named 'apocalypse' has recently been discovered to affect both the Google Pixel Markup and Windows 11 Snipping tools. This bug causes the original image data to be retained in an image file even if cropped or edited. 

Potential Consequences of a Security Flaw in the Windows 11 Snipping Tool

According to the story by Bleeping Computer, this poses a significant privacy concern since users could share images containing sensitive information, such as credit cards, or revealing photos with their faces removed. The original version of the image could also be discovered and partially recovered. 

With the help of software engineer Chris Blume and vulnerability expert Will Dormann, security researchers David Buchanan and Simon Aarons confirmed the flaw affecting the Windows 11 Snipping Tool. 

The File Sizes for the Original Image File and Cropped Image File were the Same

To illustrate this bug, the researchers launched an online apocalypse screenshot recovery utility that would attempt to recover edited images created on Google Pixel. To test this, BleepingComputer opened an existing PNG file in the Windows 11 Snipping Tool, cropped it, and then saved the changes to the original file, per W3

The file sizes for the original image file and cropped image file were the same, and this is because the PNG file specification requires that a PNG image file always ends with an 'IEND' data chunk, with any data added after this being ignored. 

Results of the Python Script Test: Partially Recovering the Original Image

This means that someone can partially recover the original image, which can cause serious security or privacy issues if you had previously shared the image but edited or cropped out sensitive information. 

To test this, the researchers used a Python script that can be used to recover Windows files. When put to use, BleepingComputer successfully recovered a portion of the original image. 

The Dangers of Editing Sensitive Data from Images

Even though a full recovery of the original image isn't always possible, the same dangerous possibilities still can arise if sensitive data is edited out of the image, such as national identity numbers, passports, or revealing photographs. 

According to Buchanan, his exploit does not currently work on JPGs but could be possible. It should also be noted that not all PNG files, such as optimized PNGs, are affected by this flaw. 

Read Also: FBI Arrests BreachForum Owner for Hacking Agency's Email Servers in 2021

Preventing the Unravveling of 'Airpocalypse': Strategies For Image Security

Opening an untruncated PNG file in an image editor, such as Photoshop, and saving it to another file, the unused data at the end will be stripped off, making it no longer recoverable. This 'airpocalypse' privacy flaw is a serious issue and could have dangerous implications, especially for those who share personal images online. 

With this in mind, it is essential that people take extreme caution when sharing slightly edited images or use the aforementioned strategies to ensure their data and information remain safe and secure.

Related Article: US Justice Department Now Probing TikTok Over Journalist Spying Case

Tech Times

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion