Beware ChatGPT on Mac: SpAIware Exposes Your Data

A vulnerability has been discovered in the ChatGPT application for macOS, allowing malefactors to install spyware through the use of the artificial intelligence memory function. Experts have named this technique SpAIware, noting that it enables a continuous data leak, including information entered by users or received in chats.

Security researchers disclosed that the vulnerability exploits the memory feature that OpenAI added to ChatGPT in February and later extended to all users, both free and paid. This function permits the chatbot to “remember” certain data from various chats, so users need not repeat the same information.

However, it has been found that this mechanism can be used to inject malicious instructions into the system’s memory, allowing potential hackers to conduct espionage in all new chats by sending the user’s confidential information to a controlled server. It suffices to entice the user to visit a malicious website or download a file containing hidden commands for the ChatGPT application.

After the vulnerability was revealed, OpenAI released ChatGPT version 1.2024.247, eliminating the possibility of data leakage. Experts urge users to regularly review the information stored in ChatGPT’s memory to remove any suspicious or incorrect data.

Rehberger also noted that this case vividly demonstrates the risks associated with long-term data storage, both in terms of misinformation and potential interaction with malicious servers.

Thus, even such useful features as memory can become potential threats if security issues are not given due attention. Users should be cautious about what data they entrust to such services, and developers must promptly rectify any vulnerabilities to minimize risks to data confidentiality and security.