InfoHub Logo

Artificial intelligence leader OpenAI has announced it fell victim to a cybersecurity attack, potentially compromising its macOS applications. The incident involved an internal tool downloading a malicious software update, which could enable attackers to create fake applications disguised as legitimate OpenAI software.

Malicious Update via GitHub

According to OpenAI's advisory, on March 31, a tool used for signing certificates for macOS applications on GitHub downloaded a malicious update. This update originated from an open-source JavaScript library known as Axios. On the same day, malicious actors introduced two harmful updates to the Axios library.

Potential Risks for Users

Users of OpenAI applications on macOS, including ChatGPT, Atlas, and Codex, may be at risk. Attackers could exploit this vulnerability to create counterfeit OpenAI applications that appear legitimate, complete with valid certificates, potentially deceiving users and the App Store.

OpenAI's Response and Mitigation

OpenAI has stated there is no evidence that user data, intellectual property, or internal systems were compromised. Applications on other platforms such as iOS, Android, and Windows were not affected by this attack. As a precautionary measure, OpenAI will cease supporting older versions of its macOS applications starting May 8. Users will have a 30-day window to update; otherwise, revoked certificates may block new downloads and initial launches.