OpenAI pushes macOS updates

OpenAI told macOS users to update its desktop apps after a compromised third-party tool touched the system it uses to prove those apps are genuine. (openai.com) OpenAI said the issue began on March 31, 2026, when version 1.14.1 of Axios, a developer library, was compromised in a broader software supply-chain attack. The company said a GitHub Actions workflow in its macOS app-signing process downloaded and ran that version. (openai.com) That workflow had access to a signing certificate and notarization material for ChatGPT Desktop, Codex, Codex-cli, and Atlas, according to OpenAI. The company said it rotated the certificate, replaced the affected workflow, and deprecated older macOS builds. (openai.com) A code-signing certificate is the digital ID that tells macOS an app came from a known developer, and notarization is Apple’s extra malware check before software runs. OpenAI’s support page says administrators who check certificate fingerprints or organization names must update their allowlists after the change. (help.openai.com) OpenAI said it found no evidence that the incident compromised user data or its core systems. Reuters reported the company described the move as a protective step tied to the third-party tool rather than a breach of OpenAI’s own environment. (openai.com) (reuters.com) The update reaches beyond individual laptops because ChatGPT for macOS is now woven into workplace and campus setups that connect the app to coding tools, terminals, notes apps, and managed device policies. OpenAI’s macOS help pages say the app can work with other apps on Mac and that network or certificate rules can block access if administrators do not update them. (help.openai.com 1) (help.openai.com 2) OpenAI also told users in managed environments to update firewall and inspection settings if they rely on Cloudflare Zero Trust or similar controls. Its support guidance says Mac and iOS native apps, unlike the web client, can lose access until those policies are changed. (help.openai.com) The company published a new macOS allowlist entry under the organization name “OpenAI OpCo, LLC,” while keeping the same Apple Team ID, 2DC432GLL2. It also posted new certificate fingerprints for security teams that pin trust to a specific certificate. (help.openai.com) For users, the practical step is simple: install the latest OpenAI macOS app and restart it. For administrators, the job is broader: replace old certificate checks so legitimate OpenAI apps keep working after the certificate rotation. (help.openai.com 1) (help.openai.com 2)