During this week we learned about aCropalypse, the problem it causes Google’s Android and Microsoft’s screenshot tools were affected by the security issue. At first, this issue seemed to only point to a feature included for this purpose on Pixel devices, so it seemed to be quite limited in scope. However, soon after, there were reports that Microsoft’s screenshot tools for Windows 10 and Windows 11 were also affected.

More specifically, the tools affected by aCropalypse are designationdevice specific Pixel, Snip & Sketch for Windows 10 and cutout tool for Windows 11. In all cases, an attacker with access to the files could view the uncropped and unaltered version of the screenshot. It’s quite common to take a screenshot and then crop it, leaving the content out of the final image that we don’t want to show because it doesn’t contribute to anything… or because it contains information we don’t want to publish. or share.

So think for a moment consequences of this security issue put an end to sneaking, because a screenshot is a fairly common way to share information, and being able to crop it to share only what we want creates a sense of security that in many cases will be part of the content of the original image was something that should have remained hidden: personal and bank details, restricted information, etc.

This explains why, thankfully, Microsoft and Google acted quickly and issued emergency security patches to prevent aCropalypse. In the case of Google a fix for the tags issue came in the March Android security updatewhich was released on March 7 for Pixel device users.

Microsoft’s solution came a bit late as it was only published yesterday and also in this case it is users who have to update manually Snip & Sketch and Snipping Tool from the Windows App Store, as neither is part of the operating system and is therefore not automatically updated with Windows security updates. So if you are using any of them, you should update them immediately.

There is, of course, a worse solution. the problem of already published and shared screenshots, because the security solution only prevents the problem from being reproduced in the captures we take from its installation onwards. So if you have access to ones you’ve created in the past and shared in some way, it’s best to revisit them, also avoid capturing content that should remain hidden, and use them to replace the original ones.

More information