Microsoft pushes out an emergency fix for the dangerous 'acropalypse' bug

Microsoft has acted swiftly to patch up the worrying 'acropalypse' bug that we reported on earlier this week – a bug that could enable information cropped out of images by the Windows screenshot tools to be recovered.

As per BleepingComputer, Microsoft has now issued an OOB (out-of-band or emergency) update that fixes the issue, which has the technical designation of CVE-2023-28303. Microsoft is recommending that users apply the update at their earliest opportunity, as you might expect.

Applying the update isn't difficult at all: from the Microsoft Store, click the Library icon on the left, then pick Get updates (top right). This should force the patch to be applied, if it hasn't already been automatically installed.

Carry on cropping

The bug – which is similar to one that has affected the Markup feature on Google Pixel phones – means that images and screenshots cropped in the Windows 11 Snipping Tool and the Windows 10 Snip and Sketch tool could be compromised.

Essentially, the CVE-2023-28303 vulnerability means that parts of a PNG or JPEG image that have been cropped out aren't properly removed from the file after it's saved again. Those cropped sections could include sensitive information such as bank account details or medical records, for example.

It's important to note that applying the patch won't fix any files that have already been cropped, only ones that are edited in the future. You'll need to recrop any existing images to be sure the excess parts of the picture have been properly removed.


Analysis: a quick fix for a worrying bug

At first, the opportunity of recovering cropped out parts of images may not seem like a particularly terrible security vulnerability – after all, who cares if someone manages to add back in some empty sky that you've removed from one of your vacation photos?

There are lots of reasons that images are cropped though, as tech journalists know all too well. Personal information such as email addresses, bank account numbers and contact names need to be cut out of pictures before they're shared widely on the internet.

With so many of us sharing so many of our photos with other people and on the web at large, it's crucial from a security perspective that these images don't reveal more than we want them too – something which was a problem with CVE-2023-28303.

Microsoft has at least acted quickly to get the fix tested and then applied – but it's a concern that this same bug has appeared completely separately in software from both Microsoft and Google in recent days.



from TechRadar - All the latest technology news https://ift.tt/ef6Bh9c
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us