OpenAI fixes security flaw in ChatGPT Mac app that led to conversations being stored in plain text | Laptop News

A significant security vulnerability was recently discovered in OpenAI’s newly launched ChatGPT app for macOS. This flaw allowed stored chat conversations to be easily accessed and read in plain text, posing a serious risk to user privacy. Upon being notified of the issue, OpenAI responded by releasing an update that encrypts the locally stored chats.

The security flaw came to light thanks to developer Pedro José Pereira Vieito, who demonstrated how another app could easily access and display recent conversations on ChatGPT, which were stored on a user’s computer. Vieito’s demonstration was simple – by simply changing file names, one could view ChatGPT conversations. He illustrated this by developing an app that could read these conversations with a click of a button, highlighting the ease with which private data could be accessed.

One critical aspect of this vulnerability was the lack of sandboxing in the ChatGPT macOS app. Sandboxing is a security mechanism that isolates an app’s data from other parts of the system, ensuring that the app cannot access other system parts without explicit permission. This practice is mandatory for iOS apps but optional for MacOS apps, particularly those distributed outside the Mac App Store. By not utilizing sandboxing, the ChatGPT app stored conversations in plain text, making them easily accessible to any application or malware on the same device.

Later, Taya Christianson, an OpenAI spokesperson, confirmed, “We are aware of this issue and have shipped a new version of the application which encrypts these conversations. We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.” This update effectively addressed the vulnerability, as…

read more

FTC: We use income earning affiliate links. More on Sposored links.
Terms of use and third-party services. More here.

Advertisement Amazon

Related Posts