OpenAI Addresses Security Issue in ChatGPT macOS App

OpenAI Addresses Security Issue in ChatGPT macOS App

OpenAI’s recently launched ChatGPT macOS app encountered a security flaw where user conversations were stored in plain text until a recent update on Friday. This vulnerability meant that anyone with access to the user’s computer could potentially read these conversations, posing a risk if exploited by malicious actors or unauthorized apps.

Pedro José Pereira Vieito highlighted this issue, demonstrating how easy it was to access and view ChatGPT conversations stored as plain text files on the computer. Using a simple application, he was able to reveal conversation contents immediately after they occurred, underscoring the security lapse.

Upon being informed of the issue by The Verge, OpenAI promptly responded by releasing an update that encrypts these conversations. Taya Christianson, a spokesperson for OpenAI, acknowledged the issue and stated, “We are aware of this issue and have shipped a new version of the application which encrypts these conversations.”

Following the update, Pereira Vieito confirmed that his app no longer functioned to access plain text conversations, indicating that the encryption measure effectively mitigated the initial security concern.

Pereira Vieito discovered the vulnerability while investigating why OpenAI’s app did not utilize Apple’s sandbox protections, which are typically mandated for apps distributed via the Mac App Store. Notably, OpenAI distributes the ChatGPT macOS app exclusively through its own website, exempting it from Apple’s stringent sandboxing requirements.

While OpenAI reserves the right to review ChatGPT conversations for safety and model training purposes, ensuring the security of these interactions from unauthorized access remains paramount.

While the issue has been addressed with encryption measures, it underscores the importance of robust security practices, particularly for applications handling sensitive user data.

© TechMub. All right reserved.