Dangerous ‘acropalypse’ bug in Windows Snipping Tool fixed in emergency security update — install it now

Microsoft has released an emergency security update for both Windows 10 and Windows 11 which addresses a dangerous bug in its Snipping Tool utility.

The bug has been dubbed ‘acropalypse’ (tracked as CVE-2023-2803) and, according to BleepingComputer, occurs when image editors like Microsoft’s Snipping Tool don’t properly remove cropped image data when overwriting the original file.

After testing a fix for the bug in its Windows Insider Canary channel, Microsoft has now publicly released a fix for both the Snip & Sketch app in Windows 10 and the Snipping Tool program in Windows 11. The company is urging Windows users to apply the update now to patch the acropalypse vulnerability.

Once installed, Windows 11 Snipping Tool will be version 11.2302.20.0 while Windows 10 Snip & Sketch will be version 10.2008.3001.0. 

What is the acropalypse flaw and how does it work?

Two screenshots illustrating the Pixel aCropalypse flaw. The first, taken from a Google Pixel 6, is a heavily cropped image of an app, showing only the bottom quarter of the image. On the right is the image restored using the aCropalypse.app tool, which has rebuilt almost the entire page save for a partly corrupted/blacked-out section at the top.

Although it now affects Windows PCs, the acropalypse flaw was first found on Pixel phones, inside Google’s Pixel Markup tool.

Discovered by security researchers David Buchanan and Simon Aarons, the acropalypse flaw causes an image’s original data to be retained even after it has been edited or cropped. The danger here is that if a user shares a picture of something sensitive like their credit card with its number redacted via image cropping, it may be possible to partially recover the original photo.

To show how the acropalypse bug could be exploited by an attacker, Buchanan and Aarons created an online screenshot recovery tool that tries to recover edited images created on a Google Pixel phone like the Pixel 7 or Pixel 7 Pro.

The impact of the acropalypse bug is quite large, with security researchers telling BleepingComputer that more than 4,000 images hosted on VirusTotal are affected. However, on image hosting websites, the number of images affected by the bug is likely even higher.
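To check whether screenshots you saved before updating carry leftover data, you can look for bytes that sit after a PNG's final IEND chunk, where a cleanly saved file has none. The script below is an added example, not code from the researchers, Microsoft or BleepingComputer; the sample images are constructed in memory, and `save_without_truncating` is an assumed, simplified model of the overwrite behaviour described above.

```python
import struct
import sys
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: big-endian length, type, data, CRC-32 of type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample: a valid 8-bit grayscale PNG, stored uncompressed."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes(width) for _ in range(height))
    idat = zlib.compress(rows, 0)  # level 0 keeps sizes predictable
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def trailing_bytes(blob: bytes) -> int:
    """Count bytes after the IEND chunk, where a clean PNG has none."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            break
        if ctype == b"IEND":
            return len(blob) - end
        pos = end
    raise ValueError("incomplete PNG: no IEND chunk found")

def save_without_truncating(old: bytes, new: bytes) -> bytes:
    """Assumed model of the bug: new bytes written over the old file in place."""
    return new + old[len(new):]

def demo() -> tuple:
    original = make_png(64, 64)   # constructed "full screenshot"
    cropped = make_png(16, 16)    # constructed "cropped" version
    buggy = save_without_truncating(original, cropped)
    return trailing_bytes(cropped), trailing_bytes(buggy), len(original) - len(cropped)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # check real files passed on the command line
        with open(path, "rb") as fh:
            print(path, trailing_bytes(fh.read()), "bytes after IEND")
    print("demo (clean, buggy, expected):", demo())
```

A non-zero count is only an indicator, since other software can also append data after IEND. Re-saving a flagged image with an updated editor, or deleting it from wherever it was shared, removes the leftover bytes from circulation.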

How to protect your Windows PC from this dangerous flaw

Now that Microsoft has rolled out an emergency security update to patch this issue, it’s up to you to install it.

To do so, you first need to open the Microsoft Store and go to Library and then to Get Updates. Clicking on the button will install the latest version of the Windows Snipping Tool or Snip & Sketch automatically on your PC.

After patching the acropalypse flaw, you might want to take some time to further secure your PC from the latest threats. Besides updating Windows Defender and ensuring it’s enabled on your computer, you may also want to install one of the best antivirus software programs for additional protection.

When it comes to keeping your photos and other images safe, you can use the best cloud storage to keep an extra copy of them in the cloud or even one of the best cloud backup services to automate this process.

Even though the acropalypse flaw is considered dangerous, Microsoft has classified the vulnerability as “Low” severity because it “requires uncommon user interaction and several factors outside of an attacker's control” to exploit. Still, keeping your PC updated is one of the best ways to protect your devices and your data from hackers.

Anthony Spadafora
Senior Editor Security and Networking
