OpenAI’s ChatGPT Mac app was storing conversations in plain text

OpenAI's ChatGPT macOS app had a security flaw that allowed easy access to users' chat history in plain text, potentially exposing conversations to malicious actors. The issue was demonstrated by Pedro José Pereira Vieito, who created an app that could read the chat files with a simple click. The Verge alerted OpenAI about the problem, prompting the company to release an update that encrypts the chats.

After the update, the app created by Pereira Vieito no longer worked, and the chats were no longer visible in plain text. Pereira Vieito discovered the issue while investigating why OpenAI did not use Apple's app sandbox protections. OpenAI distributes the ChatGPT macOS app through its own website, bypassing Apple's sandboxing requirements for software distributed via the Mac App Store.

Key takeaways:

OpenAI's ChatGPT macOS app had a security issue where user chats were stored in plain text on the computer, making them easily accessible to malicious actors.
Pedro José Pereira Vieito demonstrated the vulnerability by creating an app that could read these conversations with a simple click.
After being contacted by The Verge, OpenAI released an update that encrypts the chats, thus resolving the issue.
OpenAI's ChatGPT macOS app is only available through its own website, bypassing Apple's sandboxing requirements that apply to software distributed via the Mac App Store.

OpenAI’s ChatGPT Mac app was storing conversations in plain text

Key takeaways:

Comments (0)

Newsletter