ChatGPT for Mac Exposes Chats: OpenAI Patches Flaw

Last month, OpenAI announced that ChatGPT for Mac was available to all users. With the official ChatGPT client, users can swiftly engage in text conversations, generate images, read screenshots or files, and search through dialogues. However, even a company of OpenAI’s stature has vulnerabilities in its security. ChatGPT for Mac stores all user conversations in plain text on the local disk.

This means that any application, process, or malware running on the Mac can directly access the complete chat logs without any authorization, potentially leading to the leakage of private data. Since the release of macOS Mojave 10.14 in 2018, Apple has introduced new security features to prevent unauthorized applications from accessing private data, prompting user consent when such access is required.

During the development of ChatGPT for Mac, OpenAI did not employ Apple’s recommended settings to store user data within a sandbox. Instead, OpenAI stored it in an unprotected path: ~/Library/Application Support/com.openai.chat/conve…{uuid}/

Storing data in an unprotected path is problematic enough, but OpenAI also failed to encrypt user data, making it remarkably easy for anyone to steal complete chat logs.

Tech enthusiast Pedro Jose discovered this issue and posted a demonstration video on Meta Threads. Following user feedback, OpenAI promptly released an updated version to address the problem.

In the latest version of ChatGPT for Mac, OpenAI has now encrypted the data stored locally. Although it is still not placed within a sandbox, the files are now encrypted, enhancing security to some extent.

Users of ChatGPT for Mac are advised to upgrade to the latest version immediately to ensure their security. You can download the latest installation package from the OpenAI website.