A critical vulnerability was discovered in OpenAI’s recently released ChatGPT macOS app. This vulnerability was causing users’ chats to be stored in plain text on their computers, making it easy for malicious software or individuals to access this data. Fortunately, OpenAI was quick to address the issue and issue a major security update.
Details of the vulnerability in ChatGPT Mac app
Discovered by Pedro José Pereira Vieito, this vulnerability involved storing users’ chats in plain text. Vieito shared on the Threads platform that another application could easily access these files and show the text of the chats. He proved that these chats could be accessed instantly with an application he developed specifically to demonstrate this situation.
This was reported to OpenAI by The Verge team, and OpenAI quickly took action and released an update that allows chats to be encrypted. “We are aware of this issue and have released a new version of our app that encrypts chats,” OpenAI spokesperson Taya Christianson told The Verge. “We are committed to providing a helpful experience for our users while maintaining our high security standards as our technology evolves.”
After installing the update, Vieito’s app no longer has access to chat transcripts and users’ chats can no longer be viewed in plain text, meaning users’ chats are now more secure.
Vieito also shared how he discovered the vulnerability. He said he was curious about why OpenAI didn’t use sandbox protocols and therefore checked where the app data was stored. This could be because OpenAI only offers the ChatGPT macOS app through its own website and therefore isn’t subject to the Mac App Store’s app protection requirements.
OpenAI can inspect ChatGPT chats for security purposes and to train its models. However, this privilege is not expected to be available to unknown third parties. Fortunately, this app did not store all user data in plain text, which alleviates the situation somewhat.
As a result, OpenAI’s rapid response and the update it released to ensure the security of user data made the ChatGPT macOS application more secure. Such vulnerabilities have once again highlighted how important it is to protect users’ personal data. It is of utmost importance that users protect their data by installing such updates immediately.