OpenAI has resolved a security issue linked to the third-party developer tool Axios and confirmed that no user data was exposed and no systems were compromised. The company discovered that Axios was compromised during a broader software supply chain attack believed to be associated with North Korea. A malicious version of Axios affected a GitHub Actions workflow that OpenAI uses to certify macOS applications. Despite the attack, OpenAI asserts that its signing certificate remained secure and that user credentials, such as passwords and API keys, were not affected. To mitigate risk, OpenAI requires all macOS users to update to the latest versions of its applications by May 8, as older versions will lose support and functionality. The root cause was attributed to a misconfiguration in the GitHub Actions workflow, which OpenAI has now rectified. These proactive security measures reaffirm OpenAI’s commitment to safeguarding user data and application integrity.