ChatGPT for macOS was launched for final week by OpenAI. Days after the app was launched, a developer has claimed that the app had a safety flaw that might make it simpler for a foul actor with entry to the machine to steal data associated to consumer’s queries and the chatbot’s responses, because the ChatGPT app was allegedly storing earlier conversations in plain textual content in a non-secure surroundings, which led to the problem. Nevertheless, a report on Wednesday acknowledged that OpenAI has rolled out an replace that fixes the issue.
ChatGPT macOS app launched with safety flaw
Developer Pedro José Pereira Vieito on Monday shared a publish on Threads, highlighting the vulnerability. He additionally claimed that the ChatGPT app didn’t use the usual macOS sandbox that protects app information and consumer data, and all of the previous conversations have been saved in plain textual content which might simply be accessed by malware or a foul actor attacking the machine.
Sandboxing is a normal safety mechanism which ensures that an app runs in an remoted and safe surroundings on a tool. This technique permits builders to guard app information and consumer data away from different apps, together with utilizing encryption for safety whereas it’s on a consumer’s machine.
In a separate publish, the developer highlighted that macOS has blocked entry to any non-public information ever since macOS Mojave was launched in 2018, when sandboxing is used. Because of this, all apps operating on the working system want express consumer permission earlier than they’ll entry consumer information from one other app.
Vieito mentioned the explanation ChatGPT didn’t have these safeguards constructed into the app, was as a result of “OpenAI selected to opt-out of the sandbox and retailer the conversations in plain textual content in a non-protected location, disabling all of those built-in defences.”
In the meantime, The Verge reviews that the corporate has launched an replace for the app that resolves this concern. This replace is alleged to encrypt the chats to guard them from simply being accessed. In an announcement to the publication, OpenAI spokesperson Taya Christianson mentioned, “We’re conscious of this concern and have shipped a brand new model of the appliance which encrypts these conversations.”
