OpenAI Fixes Security Vulnerabilities in ChatGPT macOS Application

2024-07-04

OpenAI's latest ChatGPT macOS application has a potential security vulnerability that raises concerns: the chat logs stored on the computer are not only easily accessible but also kept in plain, unencrypted text. This means that if malicious users or software gain access to a user's computer, they can easily browse through all the conversations with ChatGPT and access sensitive information.

As demonstrated by Pedro José Pereira Vieito on the Threads platform, because these chat logs are so accessible, other applications can also read the files and display the conversation content immediately after the chat ends. Vieito even showcased his own application, which can read ChatGPT conversation records with a simple click of a button.

OpenAI subsequently released an updated version, claiming that it has encrypted the chat logs. "We are aware of this issue and have released a new version of the application to encrypt these conversations," said OpenAI spokesperson Taya Christianson to The Verge. "We are committed to providing a high-quality user experience while maintaining high standards of security." After the update, Vieito's application can no longer access the conversations or view the chat logs in plain text.

When asked how he discovered this initial issue, Vieito said, "I was curious why [OpenAI] didn't use app sandboxing, so I checked where they store the application data." Because OpenAI can only distribute the ChatGPT macOS application through its official website, the application is not subject to the sandbox rules enforced by the Mac App Store for software distribution.

Unless users actively choose to opt out, OpenAI may review ChatGPT conversations to ensure security and optimize its model. However, it is evident that users would not want this permission to be easily obtained and exploited by unknown third parties.
Fortunately, the situation has not escalated to the point where all content displayed on the computer is stored in plain text. Nevertheless, this incident serves as a reminder of the importance of personal information security for users.