close
close

ChatGPT Mac app logged queries to unencrypted file before being detected

Posted on by angelo

Apple has strict guidelines regarding protecting user data with sandboxing, but ChatGPT for Mac got around all of that by storing conversations in plain text until it was patched on June 28.

When everything works as expected on Mac, data should be siloed between apps so that no app can access another app’s data without an API or user permission. ChatGPT decided to ignore Apple’s advice and broke this structure by opting for sandboxing and storing user conversations in plain text.

Storing files this way allowed any other Mac application to freely find and read them. This means that if a user’s Mac were infected with malware or malicious applications, the private data shared with ChatGPT could be freely read.

Pereira Vieito discovered the issue and shared it on Threads.

An update to ChatGPT for Mac was released on Friday to fix this issue. All data generated when using ChatGPT is now hidden behind encryption.

“We are aware of this issue and have released a new version of the app that encrypts these conversations,” OpenAI spokesperson Taya Christianson said in a statement. The edge“We are committed to providing a useful user experience while maintaining our high security standards as our technology evolves.”

When an app is submitted to the Mac App Store or for notarization, it goes through a verification process that ensures the app handles data through sandboxing. This is a method that ensures that apps only have access to the data they have and no other data on the system.

OpenAI’s ChatGPT app for Mac is distributed from the web and does not use sandboxing. The app can access private data shared by the user, such as emails and confidential recordings, to perform any task requested by the user.

If you have ChatGPT for Mac installed, make sure it has been updated to the latest version. While the vulnerability has likely not been exploited in the short time since the app was launched, it is still a stupid mistake from a company like OpenAI.

The ChatGPT app for Mac is separate from OpenAI’s broader partnership with Apple. Later this fall, users will be able to choose to send certain queries to ChatGPT instead of Apple Intelligence as part of macOS Sequoia.