Important safety considerations have been raised concerning the OpenAI ChatGPT app on macOS. The app reportedly shops consumer conversations in plain textual content in a non-protected location, sparking a debate about its adherence to macOS’s stringent safety protocols.
This observe signifies that another working app, course of, or malware can probably entry these conversations with none permission immediate or the info saved inside them.
The OpenAI ChatGPT app on macOS just isn’t sandboxed and shops all consumer conversations in plain textual content on the following location: ~/Library/Utility Help/com.openai.chat/conve…{uuid}/ That is demonstrated by Pedro José Pereira Vieito on Threads.
Because the launch of macOS Mojave 10.14, six years in the past, macOS has carried out sturdy safety measures to dam unauthorized entry to consumer personal knowledge.
These measures require specific consumer permission for any app making an attempt to entry delicate data, similar to:
- Calendar
- Contacts
- Photographs
- Paperwork & Desktop folders
- Any third-party app sandbox
Pereira Vieito defined how he uncovered the unique concern. “I used to be interested in why [OpenAI] opted out of utilizing the app sandbox protections and ended up checking the place they saved the app knowledge,” he mentioned. His investigation revealed that OpenAI shops ChatGPT conversations in a non-protected location, making them accessible to any working app, course of, or malware.
Are you from SOC/DFIR Groups? - Join a free ANY.RUN account! to Analyse Superior Malware Information
Regardless of these built-in defenses, OpenAI selected to opt-out of the macOS sandbox and retailer conversations in plain textual content in a non-protected location.
This choice successfully disables the safety measures designed to guard consumer knowledge from unauthorized entry.
OpenAI distributes the ChatGPT macOS app completely by means of its personal web site, bypassing the Mac App Retailer.
This distribution technique permits the app to keep away from Apple’s sandboxing necessities, that are obligatory for software program distributed by way of the Mac App Retailer.
“We’re conscious of this concern and have launched a brand new model of the appliance that encrypts these conversations,” OpenAI spokesperson Taya Christianson mentioned to Cyber Safety Information.
The revelation has led to widespread concern amongst customers and safety consultants. Many query why OpenAI would bypass such crucial safety protocols, probably exposing delicate consumer knowledge to malicious actors.
Safety consultants and tech journalists intently monitor the scenario, with many calling for quick motion to deal with these vulnerabilities.
The incident highlights the continued challenges in making certain knowledge safety and the obligations of builders in safeguarding consumer data.
As the controversy continues, it underscores the significance of adhering to established safety protocols to guard consumer knowledge.
Each platform suppliers and app builders should collaborate to make sure sturdy knowledge safety measures are in place.
"Is Your System Below Assault? Strive Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Customers!"- Free Demo
