ChatGPT for macOS was released for last week by OpenAI. Days after the app was launched, a developer has claimed that the app had a security flaw that would make it easier for a bad actor with access to the device to steal information related to user’s queries and the chatbot’s responses, as the ChatGPT app was allegedly storing previous conversations in plain text in a non-secure environment, which led to the issue. However, a report on Wednesday stated that OpenAI has rolled out an update that fixes the problem.
ChatGPT macOS app released with security flaw
Developer Pedro José Pereira Vieito on Monday shared a post on Threads, highlighting the vulnerability. He also claimed that the ChatGPT app did not use the standard macOS sandbox that protects app data and user information, and all the past conversations were stored in plain text which could easily be accessed by malware or a bad actor attacking the device.
Sandboxing is a standard security mechanism which ensures that an app runs in an isolated and secure environment on a device. This system enables developers to protect app data and user information away from other apps, along with using encryption for security while it is on a user’s device.
In a separate post, the developer highlighted that macOS has blocked access to any private data ever since macOS Mojave was released in 2018, when sandboxing is used. As a result, all apps running on the operating system need explicit user permission before they can access user data from another app.
Vieito said the reason ChatGPT did not have these safeguards built into the app, was because “OpenAI chose to opt-out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defences.”
Meanwhile, The Verge reports that the company has released an update for the app that resolves this issue. This update is said to encrypt the chats to protect them from easily being accessed. In a statement to the publication, OpenAI spokesperson Taya Christianson said, “We are aware of this issue and have shipped a new version of the application which encrypts these conversations.”
