A recently discovered security problem in the ChatGPT macOS app from OpenAI left user conversations vulnerable. The app stored these chats in plain text on your computer, which made them easily accessible to anyone with physical access to the device or any malicious software that might have infiltrated it. This security flaw allowed anyone with access to a Mac to read ChatGPT chats.
This security hole was discovered by developer Pedro José Pereira Vieito. He revealed how another app could be created to access these conversation files and display their content. This meant sensitive information shared with ChatGPT could be exposed.
Update: Thankfully, OpenAI reacted quickly and released an update that encrypts these conversations, potentially fixing the vulnerability. Hence, users are advised to update their ChatGPT app to benefit from this security improvement.
This comes after the ChatGPT app was launched for macOS last month (here’s how to use the app), following Apple’s announcement to implement ChatGPT into Siri 2.0 in the upcoming OSes of the ecosystem. According to reports, the partnership with OpenAI didn’t cost Apple a dime.
Overall, the incident is a clear example of the importance of app sandboxing, a security feature that isolates apps and their data. In this case, OpenAI opted out of Apple’s sandboxing requirements because they distribute the app through their own website. Recently, ChatGPT also confused Samsung’s upcoming Galaxy Watch 7 Ultra with Apple Watch Ultra.
The immediate threat is gone, hopefully.
Source: ChatGPT for macOS Exposed User Conversations in Plain Text (Fixed)