Microsoft aCropalypse Vulnerability

Using Microsoft's built-in snipping tool to edit an image in Win 10/11 can be risky, so MS released a patch for it.

If you use it to crop an image before sharing it, a hacker could unhide what whatever you removed because of the aCropalypse Vulnerability and be able to see the entire unedited image.

The problem occurs when you save the cropped image on top of itself (eg, using the exact same file name). So be sure you use a different file name to save a cropped image. You can then delete the original version, if you don't need it.

The last version of Snip & Sketch installed on my PC running Win 10 22H2 is SnippingTool.exe, v6.2.19041.746, dated 10-6-21. So it hasn't been updated recently.

Supposedly we can go to the MS store and click Library > Get Updates to get the update for Windows. I don't see that option anywhere. If I search for Snip & Sketch, the version offered is dated 2018, so it's older than what's installed on my PC now.

Don't know if/when the update will be offered via Windows Update.

NOTE: This issue also affects Google Pixel’s Markup app.