OpenAI has proactively rotated its macOS code-signing certificate following a breach of Axios, a third-party JavaScript library, that introduced a malicious version 1.14.1 into its app-signing workflow. The rotation was carried out to prevent potential malware attacks, since signed applications are typically trusted by macOS environments. OpenAI’s investigation revealed no evidence of data theft or intellectual property compromise, and the signing certificate was not successfully exfiltrated. Nevertheless, the incident highlighted vulnerabilities in the software supply chain. Effective May 8, 2026, older versions of OpenAI’s macOS applications, including ChatGPT Desktop and Codex, will no longer receive updates and may become non-functional. Users are advised to update to newer versions signed with the renewed certificate. OpenAI stressed the safety of user data, emphasizing its commitment to security and transparency during this critical incident.
