OpenAI Mac app security alert
OpenAI warned macOS users to update apps after identifying a security issue tied to a third‑party developer library used in the verification process for its macOS apps. The company said the problem appears limited and asked users to apply the update. (cybernews.com)
OpenAI told macOS users on April 10 to update its desktop apps after a security issue touched the system that proves those apps are genuine. (openai.com) The company said the issue involved Axios, a third-party developer tool, and affected the process used to certify OpenAI’s Mac applications as legitimate software. OpenAI said it found no evidence that user data was accessed, its systems or intellectual property were compromised, or its software was altered. (openai.com) The update applies to OpenAI’s macOS apps, including ChatGPT Desktop, Codex, Codex Command Line Interface, and Atlas, according to reports citing the company’s notice. OpenAI said users should install the latest versions released on April 10. (9to5mac.com) On a Mac, app verification works like a digital seal: Apple and developers use signing certificates to show software came from the claimed source and has not been swapped out. OpenAI said it is updating those security certifications so its Mac apps keep using current, trusted credentials. (openai.com) The warning came after what OpenAI called a broader industry incident involving Axios. CNBC reported on April 11 that OpenAI described the problem as limited and said it was acting “out of an abundance of caution” while protecting the certification process for its macOS apps. (cnbc.com) That makes this a software supply chain problem, where a company’s own code is not necessarily hacked but a tool used during development can expose part of the build process. In this case, OpenAI’s public statement points to the app-signing workflow rather than a breach of customer accounts or the ChatGPT service itself. (openai.com) For users, the practical change is simple: older Mac app builds may stop working once OpenAI finishes rotating certificates. Multiple reports said the cutoff date for outdated versions is May 8. (nerds.xyz) OpenAI’s message was narrower than a typical breach notice: update the apps, but there is no indication so far that chats, files, or account data were exposed. The company said it is replacing the affected certifications and moving users onto newly signed versions. (openai.com)
