A recent security vulnerability was discovered in OpenAI's ChatGPT macOS application, which allowed easy access to stored chats on users' computers in plain, readable text. This vulnerability could potentially expose conversations and data to unauthorized parties if they gained access to the user's device.
Security Loophole and Exploitation
Pedro José Pereira Vieito demonstrated how another application could access and display recent ChatGPT conversations swiftly. By sharing his app with others, he illustrated how easily one could view ChatGPT conversations by simply changing file names. This exposed the security loophole, which was not addressed by Apple's sandboxing regulations since the app is available solely on OpenAI's website, not the Mac App Store.
Response and Resolution
Upon notification from The Verge, OpenAI promptly addressed the issue by releasing an update that encrypts these chats to enhance security. Following the update, Pereira Vieito's app ceased to function as before, preventing the plaintext viewing of conversations.
Background and Concerns
OpenAI may monitor ChatGPT conversations for safety and model training, but the exposure of such data to unauthorized third parties was unexpected. While users may consent to OpenAI's monitoring, the risk of external parties accessing and exploiting this data remains a concern.
