ChatGPT for macOS was released for last week by OpenAI. Days after the app was launched, a developer has claimed that the app had a security flaw that would make it easier for a bad actor with access to the device to steal information related to user’s queries and the chatbot’s responses, as the ChatGPT app was allegedly storing previous conversations in plain text in a non-secure environment, which led to the issue. However, a report on Wednesday stated that OpenAI has rolled out an update that fixes the problem.
ChatGPT macOS app released with security flaw
Developer Pedro José Pereira Vieito on Monday shared a post on Threads, highlighting the vulnerability. He also claimed that the ChatGPT app did not use the standard macOS sandbox that protects app data and user information, and all the past conversations were stored in plain text which could easily be accessed by malware or a bad actor attacking the device.
Sandboxing is a standard security mechanism which ensures that an app runs in an isolated and secure environment on a device. This system enables developers to protect app data and user information away from other apps, along with using encryption for security while it is on a user’s device.
In a separate post, the developer highlighted that macOS has blocked access to any private data ever since macOS Mojave was released in 2018, when sandboxing is used. As a result, all apps running on the operating system need explicit user permission before they can access user data from another app.
Vieito said the reason ChatGPT did not have these safeguards built into the app, was because “OpenAI chose to opt-out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defences.”
Meanwhile, The Verge reports that the company has released an update for the app that resolves this issue. This update is said to encrypt the chats to protect them from easily being accessed. In a statement to the publication, OpenAI spokesperson Taya Christianson said, “We are aware of this issue and have shipped a new version of the application which encrypts these conversations.”
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who’sThat360 on Instagram and YouTube.
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club – Chelsea, watching movies and anime, and sharing passionate opinions on food. More
