ChatGPT for macOS was launched for final week by OpenAI. Days after the app was launched, a developer has claimed that the app had a safety flaw that might make it simpler for a nasty actor with entry to the system to steal info associated to consumer’s queries and the chatbot’s responses, because the ChatGPT app was allegedly storing earlier conversations in plain textual content in a non-secure surroundings, which led to the problem. Nonetheless, a report on Wednesday said that OpenAI has rolled out an replace that fixes the issue.
ChatGPT macOS app launched with safety flaw
Developer Pedro José Pereira Vieito on Monday shared a put up on Threads, highlighting the vulnerability. He additionally claimed that the ChatGPT app didn’t use the usual macOS sandbox that protects app knowledge and consumer info, and all of the previous conversations have been saved in plain textual content which may simply be accessed by malware or a nasty actor attacking the system.
Sandboxing is a normal safety mechanism which ensures that an app runs in an remoted and safe surroundings on a tool. This method permits builders to guard app knowledge and consumer info away from different apps, together with utilizing encryption for safety whereas it’s on a consumer’s system.
In a separate put up, the developer highlighted that macOS has blocked entry to any personal knowledge ever since macOS Mojave was launched in 2018, when sandboxing is used. Consequently, all apps working on the working system want express consumer permission earlier than they’ll entry consumer knowledge from one other app.
Vieito mentioned the rationale ChatGPT didn’t have these safeguards constructed into the app, was as a result of “OpenAI selected to opt-out of the sandbox and retailer the conversations in plain textual content in a non-protected location, disabling all of those built-in defences.”
In the meantime, The Verge stories that the corporate has launched an replace for the app that resolves this concern. This replace is claimed to encrypt the chats to guard them from simply being accessed. In a press release to the publication, OpenAI spokesperson Taya Christianson mentioned, “We’re conscious of this concern and have shipped a brand new model of the applying which encrypts these conversations.”
