OpenAI has reported a security issue linked to the third-party Axios library, which was compromised due to a software supply chain attack suspected to be associated with groups connected to North Korea. On March 31, a malicious GitHub Actions workflow was identified, potentially impacting the signing certificates for macOS applications including ChatGPT Desktop. However, OpenAI confirmed that there was no evidence of user data access or system breaches, and passwords and API keys remained safe. The company has since strengthened its security protocols, fixing the misconfiguration in GitHub Actions and updating its security certificates. OpenAI is advising macOS users to update their applications to the latest versions, as older versions will discontinue support after May 8, which may lead to functionality issues. This proactive response underscores OpenAI’s commitment to user security and effective software management in the face of emerging threats.
Source link
OpenAI Identifies Security Vulnerability in Third-Party Library, Urges macOS Users to Update Apps
Share
Read more