Last May, OpenAI announced The ChatGPT desktop app runs on macOS. After a priority rollout in the Plus versions, the app has been available for one week for everyone. This application is designed to integrate seamlessly with everything you do on your computer using a keyboard shortcut. The only problem: this version suffers from a known security problem. A flaw was discovered by the developer, Pedro José Pereira Viejo.
Read also : Strengthen your security thanks to this application that
The latter explains to his Mastodon account What “The OpenAI ChatGPT app on macOS is not sandboxed and stores all plain text conversations in an unsecured location”. So he claims that “basically any other running app/process/malware can read all your ChatGPT conversations without any permission requests”. Disturbing news to say the least knowing this An apple is quite serious about the security of its users and the protection of their personal data.
A low blow to Apple, a great privacy advocate
macOS has actually blocked access to all users’ personal data since macOS Mojave 10.14, six years ago. Thus, any application that has access to users’ personal data (calendar, contacts, messages, photos, third-party application sandboxes, etc.) now requires explicit user access. However, OpenAI chose to withdraw from the sandbox and store the conversations in plain text in an unsecured location, thereby disabling all of these built-in protections.
After he was contacted by our colleagues from On the edge As for this incident, OpenAI seems to have fixed the issue and released an update that it claims encrypts conversations. “We are aware of this issue and have released a new version of the app that encrypts these conversations,” Taya Christianson, a spokeswoman for OpenAI, said in a statement on On the edge.
Beyond this vulnerability, the issue of security seems to be a relatively high priority. The company has repeatedly been singled out for its lack of transparency and commitment to the security of its users. After the departure of several key members in charge of security, the AI ​​startup last month tried to maintain appearances with announcing the creation of a safety and security committee. The latter is not distinguished by its ethics and independence, as it consists of members of the company’s board of directors.