Microsoft Issues an Emergency Fix for the Notorious ‘Acropalypse’ Bug

Microsoft has now issued an OOB (out-of-band or emergency) update that patches the issue.


Microsoft has moved quickly to patch the ‘acropalypse’ bug that was discovered earlier this week. The bug could apparently allow information cropped out of images with the Windows screenshot tools to be recovered.

According to BleepingComputer, Microsoft has now issued an OOB (out-of-band or emergency) update that patches the issue, which is tracked as CVE-2023-28303. Microsoft is urging users to apply the update as soon as possible.

The update is not difficult to apply. All the user has to do is click the Library icon in Microsoft Store, then pick Get updates (top right). Doing so applies the patch if it has not already been installed automatically.

Carry on Cropping 

The acropalypse bug is similar to the vulnerability that affected the Markup feature on Google Pixel phones: images and screenshots cropped in the Windows 11 Snipping Tool and the Windows 10 Snip and Sketch tool could well be compromised.

The CVE-2023-28303 bug means that parts of a PNG or JPEG image that have been cropped out are not completely removed from the file after it is saved again. These cropped sections could include a variety of sensitive information, like bank account credentials or medical records.

It is important to note that applying the patch does not fix any file that has already been cropped; it only applies to images that are edited in the future. Users must re-crop any existing images to ensure that the excess parts of the picture have been properly removed.
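One way to find existing images that still need re-cropping is to check whether a file carries bytes past its own end-of-image marker. The following is an added example, not code from Microsoft or from the original article; it assumes the leftover data sits after the PNG `IEND` chunk or the JPEG EOI marker, and the function names and sample bytes are constructed for illustration.

```python
# Added example. Assumption: leftover data from the uncropped file follows the end marker.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
SCAN_SKIP = {0x00, 0xFF, *range(0xD0, 0xD8)}  # after 0xFF in scan data: stuffing, fill, RSTn

def png_trailing_bytes(data: bytes) -> int:
    """Bytes left after the IEND chunk; -1 if the chunk structure is not a PNG."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length              # length + type + body + CRC
        if pos > len(data):
            return -1
        if ctype == b"IEND":
            return len(data) - pos
    return -1

def jpeg_trailing_bytes(data: bytes) -> int:
    """Bytes left after the EOI marker; -1 if the marker structure is not a JPEG."""
    if data[:2] != b"\xff\xd8":
        return -1
    pos = 2
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:              # EOI: the image ends here
            return len(data) - pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                    # markers that carry no length field
        pos += int.from_bytes(data[pos:pos + 2], "big")  # skip the segment
        if marker == 0xDA:              # SOS: walk the entropy-coded scan data
            while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] in SCAN_SKIP):
                pos += 1
    return -1

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 grayscale PNG and a structural JPEG skeleton (not decodable).
SAMPLE_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x04AB\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd0\x56\xff\xd9"
```

A result above zero marks a file worth re-cropping or re-exporting before it is shared; some other tools also append data after the end marker, so a hit is a reason to review the file rather than proof of this bug.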

Analysis: A Quick Fix for a Worrying Bug 

At first, recovering the cropped-out parts of images may not appear to be a particularly severe security vulnerability. After all, who would care if someone manages to recover some empty sky that you removed from a vacation photo?

However, there are many reasons why this cropping flaw is a serious problem, as tech journalists know all too well. Cropped images can expose personal and important information, such as email addresses, bank account numbers and contact details. Users are therefore well advised to cut off any such information before sharing an image widely over the internet.

In today’s era, where people share so many photos with others and on the web at large, it is important from a security perspective that these images do not, in any way, expose more than we want them to, which was the concern with CVE-2023-28303.

Although Microsoft has acted quickly to patch the issue, it is still concerning that the same bug was exposed in two completely separate pieces of software, from Microsoft and Google, in recent days.
