OpenAI Urges macOS Users to Update Apps Amid Security Threat

OpenAI Urges macOS Users to Update Apps Amid Security Threat

Posted on By CWS

OpenAI has issued an urgent update for macOS users following a security breach related to Axios, a popular JavaScript library. This incident is part of a larger software supply chain attack identified on March 31, 2026.

Details of the Security Breach

The breach involved threat actors, suspected to be linked to North Korea, taking control of the npm account of an Axios maintainer. They released malicious updates, specifically versions v1.14.1 and v0.30.4, which included a hidden Remote Access Trojan (RAT) named plain-crypto-js. This malware was capable of targeting systems across Windows, macOS, and Linux platforms.

Palo Alto Networks’ Unit 42 reported that the RAT was designed for system surveillance, persistence, and self-destruction to avoid detection. With over 100 million weekly downloads, Axios’s compromise posed a significant risk.

Impact on OpenAI’s Systems

OpenAI’s build processes, which utilized Axios in its GitHub Actions workflow, inadvertently integrated the compromised library. This allowed access to critical certificate and notarization materials used for signing OpenAI’s macOS applications, such as ChatGPT Desktop and Codex.

Such access could enable attackers to create counterfeit OpenAI applications. However, OpenAI quickly addressed the root cause, a misconfiguration in its GitHub workflow, and has since resolved it.

Response and Recommendations

To mitigate potential risks, OpenAI is revoking and renewing all macOS security certificates. Users are urged to update their OpenAI applications, including ChatGPT and Codex, to the latest versions to maintain security.

OpenAI assured users that passwords and API keys were not compromised. However, older versions of the applications will stop receiving updates after May 8, 2026, and may become non-functional. Users should update via in-app prompts or official download links.

This incident highlights the increasing threat of software supply chain attacks, urging organizations to adopt enhanced security practices like dependency pinning and workflow audits.

Stay informed with the latest cybersecurity news by following us on Google News, LinkedIn, and X. Contact us to share your cybersecurity stories.

Cyber Security News Tags:, , , , , , , , , , , , ,

Related Posts

TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures Cyber Security News
Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware Cyber Security News
Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework Threat Actors Hijacking MS-SQL Server to Deploy XiebroC2 Framework Cyber Security News
CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation Cyber Security News
Phishing Emails Target iOS Users with Fake AI Apps Phishing Emails Target iOS Users with Fake AI Apps Cyber Security News
Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools Cyber Security News