OpenAI macOS fix urged
OpenAI disclosed a security issue involving a third‑party tool but said it found no evidence that user data was accessed, prompting urgent action for macOS users. The problem appears tied to a compromised Axios JavaScript library used in the app‑signing process, which led OpenAI to revoke certificates and require users to update before older versions lose support after May 8. (cnbc.com) (cybersecuritynews.com)
OpenAI is telling macOS users to update its apps now after a security issue touched the system that proves those apps are really from OpenAI. (openai.com) OpenAI said on April 10 that the issue involved Axios, a third-party developer tool, and that it revoked and replaced security certificates used for its macOS apps. The company said it found no evidence that user data was accessed, its systems were compromised, or its software was altered. (openai.com) The update applies to OpenAI’s Mac apps including ChatGPT, Codex, Atlas, and Codex Command Line Interface, according to OpenAI and follow-up coverage from 9to5Mac. Older versions may stop working after May 8, 2026, if users do not install the latest releases. (openai.com) (9to5mac.com) On a Mac, a developer certificate works like an official seal that tells the operating system an app came from a known publisher. OpenAI said it is changing those certificates to reduce the risk that someone could distribute a fake app that appears to be from OpenAI. (openai.com) The trigger was a software supply-chain incident, which is when attackers tamper with a tool used by many companies instead of breaking into each company one by one. Reuters and CNBC reported that OpenAI tied its response to a broader industry incident involving Axios. (cnbc.com) (msn.com) OpenAI’s public statement was narrow: it did not describe a user-data breach, and it did not say its own software had been modified. The company framed the move as a precaution around app-signing, the step that lets macOS verify an app before it runs. (openai.com) (cnbc.com) For users, the practical effect is simple: download the newest Mac versions before May 8 or risk losing access when the old certificates age out. OpenAI’s notice points users to current downloads rather than offering a workaround for unsupported older builds. (openai.com) The episode lands as software companies face more attacks aimed at the tools behind the scenes, not just the apps customers see. OpenAI’s answer was to rotate certificates first and force updates second, so the Mac apps people open after May 8 carry a fresh proof of origin. (openai.com) (forbes.com)
