OpenAI tightens macOS security after Axios supply-chain hit

OpenAI says it detected a security issue tied to the Axios third-party library but found no evidence that user data, systems, or IP were accessed. The incident stemmed from a North Korea–linked supply-chain attack that compromised a GitHub Actions workflow, which downloaded a malicious Axios version and had access to signing and notarization material for macOS apps such as ChatGPT Desktop. OpenAI believes the signing certificate was not exfiltrated. The company is updating security certifications and requiring macOS users to install the latest OpenAI apps; older macOS versions will stop receiving updates after May 8. The root cause was a misconfiguration in the workflow, which has been fixed, and passwords and API keys were not affected.
- OpenAI identifies security issue involving third-party tool, says user data was not accessed (CNBC)
- OpenAI flags software supply chain scare (Axios)
- OpenAI says to update Mac apps including ChatGPT and Codex as security precaution (9to5Mac)
- OpenAI Reveals Security Breach, Tightens macOS App Verification Protocols (Benzinga)
- What is the OpenAI security issue and why is it important? (News.az)