OpenAI has warned users of its macOS apps about a potential security issue and has requested that they immediately update to the latest version. This warning comes after OpenAI identified a security vulnerability linked to a third-party developer tool called Axios. Although there is no evidence that user data has been leaked or that OpenAI's systems have been breached, the company is taking extra precautions to mitigate any potential risks. As part of these efforts, OpenAI is replacing its app verification certificate. Due to this change, older versions of its Mac apps will cease to function or will stop receiving updates. Let's look at the full details.
What Happened, and What Is OpenAI Doing?
The issue is linked to Axios—a widely used developer library that was recently compromised as part of a major supply chain attack. On March 31, 2026, a malicious version of Axios (version 1.14.1) was downloaded and executed during an automated process OpenAI uses to sign its macOS apps. The system running this process had access to a sensitive signing certificate and associated files. This certificate is crucial because it helps assure users that the app is authentic.
OpenAI's investigation suggests that the attacker likely failed to steal the certificate, as the specific configuration of the process and the timing of its execution made such a theft impossible. However, from a security standpoint, OpenAI is treating the certificate as if it *had* been compromised. As a precautionary measure, the company is revoking the old certificate and issuing a new one to replace it. This means that older versions of its macOS apps will no longer receive updates and will stop working as of May 8, 2026. Users are requested to update the following apps to their latest versions: ChatGPT Desktop, Codex, Codex CLI, and Atlas. Updating ensures that the apps are signed with new, secure certificates.
OpenAI stated, "As part of our investigation and response, we engaged a third-party digital forensics and incident response firm and replaced our macOS code-signing certificate. We released new builds of all affected macOS products featuring the new certificate and are working with Apple to ensure that software signed with the previous certificate cannot be newly notarized." "Once we fully revoke our certificate on May 8, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections."
Disclaimer: This content has been sourced and edited from Dainik Jagran. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.
-
Quote of the Day by Thomas Jefferson: 'Never spend your money before...' Finance lessons from one of greatest American diplomats
-
Kitten chaos! Cat love story sparks ugly neighbourhood war in Bengaluru, police intervenes after acid attack threat
-
Less stress, 3x pay, more holidays: Journalist turns postman at 53, says life changed completely
-
Why are oil and gas prices down today, and will Brent crude and US WTI crude futures continue to drop or rise again soon? Analysts insights, market outlook and what should investors do now
-
Will resolve Gorkha issue in constitutional manner without dividing Bengal: Amit Shah
