#记录我的2024#
Quick guide
Pedro José Pereira Vieito recently disclosed a security vulnerability in the Mac ChatGPT application, where user conversations and data were at risk due to the app storing information in plain text. This flaw allowed unauthorized apps to easily access and view stored data, potentially compromising user privacy. The app’s lack of compliance with Apple’s common sandbox protocol, a security measure that restricts apps to their own data to prevent unauthorized access or modification, raised concerns about data protection standards and potential risks to user information. OpenAI swiftly released an updated version of the ChatGPT app for macOS after being notified, implementing encryption measures to protect user conversations and prevent unauthorized access attempts, reassuring users about the app’s security and data protection.
Worrying security issues associated with the Mac ChatGPT app
Developer Pedro José Pereira Vieito recently revealed a security flaw in the Mac ChatGPT app, where users' conversations and data are at risk due to the app storing information in plaintext. By bypassing security measures, this allows unauthorized applications to simply access and view the stored data, potentially jeopardizing the user's privacy. For example, Vieito can use an app he developed himself to access past conversations between users and ChatGPT.
Lack of compliance with sandbox protocols
The Verge noted that the ChatGPT app did not adhere to the sandboxing protocol commonly used by Apple apps. A sandbox is a security measure that restricts an application to its own data, preventing unauthorized applications from accessing or modifying the data without explicit consent. The breach of this agreement raises concerns about the app's data protection standards and the potential risks it could pose to user information.
Quickly address and strengthen security measures
After receiving the notification, OpenAI quickly released an updated version of the macOS version of the ChatGPT app to address the issue. This update implements encryption measures to protect users' conversations and prevent unauthorized access attempts, such as the one demonstrated by Vieito. OpenAI's positive response, as well as its commitment to maintaining high security standards, gives users peace of mind about the app's security and data protection.