OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

"OpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates. OpenAI is telling Mac users to update its apps by June 12 after a developer-focused supply chain attack exposed code-signing certificates associated with its products."
"The company said two employee devices were compromised through malware linked to the Mini Shai-Hulud campaign, which targeted developer credentials through compromised npm packages. OpenAI said it found no evidence that customer data or production systems were accessed, but it is rotating certificates and urging users to install updated versions from official sources."
"'We have taken decisive steps to protect our user data, systems, and intellectual property,' OpenAI wrote in its post. 'As part of our response, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps.'"
"The practical risk is not that OpenAI's apps suddenly became unsafe. Stolen signing materials could help attackers make malicious software appear more trustworthy than it should be."
"How developer devices were compromised"
"The issue stems from a broader compromise of a popular npm package used by several developers, including OpenAI."
OpenAI instructed Mac users to update the ChatGPT, Codex, and Atlas apps by June 12 after a supply-chain attack exposed code-signing certificates tied to its products. The incident involved malware linked to the Mini Shai-Hulud campaign, which compromised two employee devices and targeted developer credentials through compromised npm packages. OpenAI stated there was no evidence that customer data or production systems were accessed. OpenAI said it is rotating certificates and urging users to install updated versions from official sources. The main risk is that stolen signing materials could allow attackers to make malicious software appear legitimate by using trusted certificates.
Read at TechRepublic