<\/p>\n
OpenAI has confirmed that it had faced a recent security issue involving the third-party developer library Axios, which it says was \u2018part of a broader industry incident\u2019. The ChatGPT maker, in a post on X, says that it found no evidence that its user data was accessed or its systems were compromised or its software was altered in any way.<\/p>\n<\/div>\n
\u201cOut of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,\u201d the company wrote in a post on X.<\/p>\n<\/div>\n
\u201cWe are updating our security certifications, which will require all macOS users to update their OpenAI apps to the latest versions. This helps prevent any risk\u2014however unlikely\u2014of someone attempting to distribute a fake app that appears to be from OpenAI. You can update safely through an in-app update or at the official links below,\u201d it added.<\/p>\n<\/div>\n
OpenAI has also clarified that the vulnerability is strictly limited to its macOS applications. If you use ChatGPT<\/a> on iOS<\/a>, Android, Windows, Linux, or through a web browser, you are completely unaffected by this incident.<\/p>\n<\/div>\n The security issue stems from a “supply chain attack” on 31, 2026. Instead of attacking OpenAI directly, hackers compromised Axios<\/a>, a popular online library that developers use to build their software. The company noted in a blog post that a GitHub Actions workflow used in its macOS<\/a> app-signing process ended up downloading a malicious version of the library.<\/p>\n<\/div>\n This workflow had access to the certificates used to sign Mac applications like ChatGPT Desktop and Codex. The certificate basically tells the operating system that the software comes from a legitimate developer.<\/p>\n<\/div>\n While OpenAI says that its analysis shows the certificate was likely not stolen by the malicious payload, the company says \u2018out of an abundance of caution\u2019, it is treating the certificate as compromised and is revoking and rotating it.<\/p>\n<\/div>\n As a result of the security incident, the ChatGPT maker is forcing a mandatory update for its macOS users. The company says older versions of the Mac desktop apps will no longer receive updates or support from 8 May 2026, and they may stop functioning entirely.<\/p>\n<\/div>\n If a bad actor did manage to get their hands on the old certificate, they could technically use it to sign their own code and create fake ChatGPT apps that look legitimate. To counter this, the company has stopped new software notarisation using the old certificate. Once the old certificate is fully revoked in May, macOS security protections will automatically block any new downloads and first-time launches of apps signed with it.<\/p>\n<\/div>\n This means that any fraudulent app posing as an OpenAI app using the impacted certificate will lack notarisation, and therefore will be blocked by default by macOS security protections unless a user explicitly bypasses those protections.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":" OpenAI has confirmed that it had faced a recent security issue involving the third-party developer library Axios, which it says was \u2018part of a broader industry incident\u2019. The ChatGPT maker, in a post on X, says that it found no evidence that its user data was accessed or its systems were compromised or its software […]<\/p>\n","protected":false},"author":2,"featured_media":424018,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[9366,188,183,5834,9367,46641,185,186,187,184,5792,189,150,182,190],"class_list":["post-424005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-ai-chatgpt","tag-blockchain-tech","tag-blockchain-technology","tag-chatgpt","tag-chatgpt-ai","tag-chatgpt-mac","tag-crypto-technology","tag-cryptocurrency-technology","tag-metaverse-technology","tag-nft-technology","tag-openai","tag-soul-bound-token","tag-tech","tag-technology","tag-token-technology"],"_links":{"self":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/424005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/comments?post=424005"}],"version-history":[{"count":1,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/424005\/revisions"}],"predecessor-version":[{"id":424019,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/424005\/revisions\/424019"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/media\/424018"}],"wp:attachment":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/media?parent=424005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/categories?post=424005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/tags?post=424005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What happened during the security incident?<\/h2>\n
Mandatory update for Mac users<\/h2>\n