ChatGPT for macOS was launched for final week by OpenAI. Days after the app was launched, a developer has claimed that the app had a safety flaw that may make it simpler for a nasty actor with entry to the machine to steal data associated to consumer’s queries and the chatbot’s responses, because the ChatGPT app was allegedly storing earlier conversations in plain textual content in a non-secure setting, which led to the problem. Nevertheless, a report on Wednesday acknowledged that OpenAI has rolled out an replace that fixes the issue.
ChatGPT macOS app launched with safety flaw
Developer Pedro José Pereira Vieito on Monday shared a publish on Threads, highlighting the vulnerability. He additionally claimed that the ChatGPT app didn’t use the usual macOS sandbox that protects app knowledge and consumer data, and all of the previous conversations had been saved in plain textual content which may simply be accessed by malware or a nasty actor attacking the machine.
Sandboxing is a normal safety mechanism which ensures that an app runs in an remoted and safe setting on a tool. This technique allows builders to guard app knowledge and consumer data away from different apps, together with utilizing encryption for safety whereas it’s on a consumer’s machine.
In a separate publish, the developer highlighted that macOS has blocked entry to any personal knowledge ever since macOS Mojave was launched in 2018, when sandboxing is used. Because of this, all apps operating on the working system want express consumer permission earlier than they will entry consumer knowledge from one other app.
Vieito stated the explanation ChatGPT didn’t have these safeguards constructed into the app, was as a result of “OpenAI selected to opt-out of the sandbox and retailer the conversations in plain textual content in a non-protected location, disabling all of those built-in defences.”
In the meantime, The Verge reviews that the corporate has launched an replace for the app that resolves this difficulty. This replace is claimed to encrypt the chats to guard them from simply being accessed. In a press release to the publication, OpenAI spokesperson Taya Christianson stated, “We’re conscious of this difficulty and have shipped a brand new model of the appliance which encrypts these conversations.”
