CVE-2024-40594

low-risk

Published 2024-07-06

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.3/10 Low

LOCAL / LOW complexity

References (4)

https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-co...

https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-...

https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-co...

https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-...

/ 100

low-risk

Severity 10/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal