Back in May, OpenAI announced the release of the ChatGPT desktop app for macOS. After a priority rollout to the Plus versions, the app was made available to everyone for a week. The app is designed to seamlessly integrate with everything they do on their computers using a keyboard shortcut. The only problem: This version suffers from a notorious security issue. The flaw was discovered by developer Pedro José Pereira Vieito.
The latter explains on His Mastodon account that “OpenAI ChatGPT on macOS is not sandboxed and stores all plain text conversations in an unprotected location.”And thus he confirms that. “Any other running app/process/malware can read all your ChatGPT conversations without any permission requests.” It's worrying news to say the least when we know that Apple is quite serious about the security of its users and the protection of their private data.
A major blow to Apple, a big advocate of privacy
In fact, macOS has blocked access to private data for all users since macOS Mojave 10.14, six years ago. As such, any app that accesses users’ private data (calendar, contacts, messages, photos, third-party app sandboxes, etc.) now requires explicit user access. However, OpenAI chose to opt out of the sandbox and store conversations in plain text in an unprotected location, thereby disabling all of these built-in defenses.
After communicating with our colleagues from the edge Regarding this incident, OpenAI appears to have fixed the issue and released an update that claims to encrypt conversations. “We are aware of this issue and have released a new version of the app that encrypts these conversations.” “We are working on a new way to create a new kind of AI,” OpenAI spokesperson Taya Christianson said in a statement. the edge.
Beyond this vulnerability, security seems to be a relative priority. The company has been repeatedly singled out for its lack of transparency and commitment to the safety of its users. After the departure of several key members responsible for security, the AI startup tried to keep up the appearances last month by announcing the creation of a safety and security committee. The latter is notorious for its ethics and independence, as it is made up of members of the company’s board of directors.
“Certified gamer. Problem solver. Internet enthusiast. Twitter scholar. Infuriatingly humble alcohol geek. Tv guru.”
