Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. The vulnerability is tracked as CVE-2023-28303 and is rated 3.3 on the CVSS scoring system. It has been addressed in-app version 10.2008.3001.0 of Snip and Sketch installed on Windows 10 and version 11.2302.20.0 of Snipping Tool installed on Windows 11. The issue was first discovered in Google Pixel's Markup tool, tracked as CVE-2023-21036, and was fixed via an update released on March 6, 2023. CVEs: CVE-2023-28303, CVE-2023-21036 [View Article](https://thehackernews.com/2023/03/microsoft-issues-patch-for-acropalypse.html)