ChatGPT for Mac app logged queries in an unencrypted file before getting caught
Apple has strict guidelines about protecting user data with sandboxing, but ChatGPT for Mac bypassed all of this by storing conversations in plain text until it was patched on June 28.
ChatGPT for Mac
When everything is working the way it should on Mac, data should be siloed between apps so no single app can access another app's data without APIs or user permission. ChatGPT decided to ignore Apple's guidance and broke that structure by opting out of sandboxing and storing user conversations in plain text.
Storing files this way left them open for any other Mac app to find and read them freely. That means if a user's Mac was infected with malware or malicious apps, the private data shared with ChatGPT could be read freely.
Pereira Vieito discovered the problem and shared it on Threads.
Post by @pvieitoView on Threads
An update to ChatGPT for Mac was issued on Friday to patch this problem. All data from using ChatGPT is now hidden behind encryption.
"We are aware of this issue and have shipped a new version of the application which encrypts these conversations," OpenAI spokesperson Taya Christianson says in a statement to The Verge. "We're committed to providing a helpful user experience while maintaining our high security standards as our technology evolves."
When an app is submitted to the Mac App Store or for it notarization, it goes through a review process that ensures the app handles data via sandboxing. It is a method that ensures apps only have access to the data they have and none else on the system.
OpenAI's ChatGPT for Mac app is distributed from the web and doesn't use sandboxing. The app can access private data the user shares, like emails and confidential records, to perform whatever task the user asks.
If you've installed ChatGPT for Mac, ensure it has been updated to the latest version. While the vulnerability likely wasn't taken advantage of in the short time since the app launched, it is still a silly mistake for a company like OpenAI to make.
The ChatGPT for Mac app is separate from the larger partnership OpenAI has with Apple. Later in the fall, users can opt to send some requests to ChatGPT instead of Apple Intelligence as a part of macOS Sequoia.
Read on AppleInsider
Comments
The A__ (Narcissist) is just jealous that his time is up.
"Open"AI.
Open for all to see.
But on a serious note, doesn't this reflect on Apple and macOS, too?
Maybe the operating system should be more openly surfacing where an app is writing data to? The Installer does a fine job of that, but maybe make that a standard feature for running apps. too?
Nope
That's not how any of this works. The ChatGPT app on macOS has nothing to do with the ChatGPT handoff that occurs thanks to the company's partnership. Apple Intelligence is made by Apple, powered by Apple Silicon on device or in an Apple-run server. If a user sends a query to ChatGPT from their device, it is with explicit permission and through a separate service channel that doesn't log IP, the query, or any attached data.
You being Musk fanboy explains how you regular get things completely wrong but are completely confident you are correct.
It goes something like this ...
"We at _<insert corp name>_ take _<insert the name of what you just screwed up>_ very seriously. We are fully committed to ensuring that our customers are our top priority when it comes to _<insert the name of what you just screwed up>_ in all of our current and future products."
Of course there are variations on the theme. But the gist of it is basically the same, gloss over what just happened and then state that the entire company has always been fully committed to ensuring what just happened could never happen. But it just did - and they don't want to talk about specifics any more. Let's just talk about visions, goals, and happy unicorns.
Welcome to the bullshitosphere.