Security Certificates Compromised, Mac Users Face June 12 Deadline
OpenAI has confirmed a security incident affecting its macOS applications, and is requiring users of software such as ChatGPT Desktop, Codex, and Atlas to update. The breach involved the compromise of code-signing certificates, which macOS uses to verify that software comes from a trusted developer. Affected Mac users must install updated versions of these applications before June 12. After that date, macOS security protections will prevent apps signed with the older certificates from running, so the update is effectively a requirement for continuing to use the software.
The incident stemmed from a supply chain attack on a third-party developer tool, specifically a compromised version of Axios, a widely used JavaScript library. The library was part of the GitHub Actions workflow in OpenAI's build pipeline that signs its macOS applications. The attacker reportedly gained access to an npm account and published malicious versions of the library.
While OpenAI asserts that no user data was accessed and that its internal systems and intellectual property were not compromised, the exposure of signing certificates still presented a risk. Had a malicious actor obtained the older certificates, they could in theory have signed their own code, producing counterfeit ChatGPT applications that appeared legitimate to unsuspecting users.
The company has confirmed that only a limited subset of internal source code repositories, to which two employees had access, experienced unauthorized access and credential exfiltration. Crucially, OpenAI states there is "no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered." The primary impact appears to be the need to rotate and re-sign applications with updated certificates.
Users are advised to download updated applications solely through OpenAI's official websites or their built-in update mechanisms to ensure they are installing legitimate versions. This precautionary measure ensures that the applications continue to be signed with OpenAI’s latest certificate, thereby passing macOS verification checks without interruption.
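One way a user or administrator can confirm which signing identity an installed copy carries is to read the certificate chain that Apple's `codesign` tool reports and compare it with a copy downloaded from the official source. The script below is an added example, not OpenAI's own tooling; `EXPECTED_TEAM_ID` is a placeholder because the article does not give the real value, and the sample report is constructed.

```python
# Added example (not OpenAI's tooling): read the signing chain that Apple's
# `codesign` tool reports for an app bundle and compare it with what a user
# expects. EXPECTED_TEAM_ID is a placeholder; the article does not give it.
import subprocess

# Placeholder Team ID: take the real value from a copy freshly downloaded from
# OpenAI's official site, then use this to compare other installed copies.
EXPECTED_TEAM_ID = "TEAMID_PLACEHOLDER"

# Constructed sample of `codesign -dvvv` output (codesign writes it to stderr).
SAMPLE_OUTPUT = """\
Identifier=com.example.desktop
Authority=Developer ID Application: Example Corp (TEAMID_PLACEHOLDER)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID_PLACEHOLDER
"""


def parse_codesign(output: str) -> dict:
    """Turn codesign's key=value report into a dict; Authority lines repeat."""
    info = {"authorities": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # status lines such as '/path: valid on disk' carry no '='
        key, value = key.strip(), value.strip()
        if key == "Authority":
            info["authorities"].append(value)
        else:
            info[key] = value
    return info


def assess(info: dict, expected_team_id: str = EXPECTED_TEAM_ID) -> list:
    """Return findings; an empty list means the chain matches expectations."""
    findings, auths = [], info["authorities"]
    if info.get("TeamIdentifier") != expected_team_id:
        findings.append(f"TeamIdentifier {info.get('TeamIdentifier')!r} "
                        f"!= expected {expected_team_id!r}")
    if not auths or not auths[0].startswith("Developer ID Application:"):
        findings.append("leaf certificate is not a Developer ID Application cert")
    if "Apple Root CA" not in auths:
        findings.append("chain does not terminate at Apple Root CA")
    return findings


def inspect_app(path: str) -> list:
    """Run codesign on a real bundle (macOS only) and assess its report."""
    proc = subprocess.run(["codesign", "-dvvv", path], capture_output=True, text=True)
    return assess(parse_codesign(proc.stderr))
```

A copy signed with the compromised certificate before it was revoked would show the same Team ID, so this check complements, rather than replaces, downloading from the official site and letting Gatekeeper (`spctl --assess`) reject signatures that are no longer valid.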