OpenAI Confirms Supply Chain Attack Stole Code-Signing Certificates; macOS Users Must Update by June 12

OPENAI-0.82%
CORE-1.31%
ALL2.31%
CODEX-0.51%

According to Odaily, OpenAI confirmed that its internal environment was targeted by a supply chain attack involving a malicious NPM package linked to TanStack, affecting two employee devices. While user data and core code remain unaffected, attackers stole partial internal repository access credentials, including code-signing certificates used for iOS, macOS, and Windows products.

To prevent misuse of stolen certificates, OpenAI has initiated defensive certificate rotation and mandated all macOS users of ChatGPT Desktop, Codex, and Atlas browser upgrade to the latest version by June 12, 2026. On that date, old certificates will be revoked and older versions will be blocked from launching or installing.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments